Commit 7612f1c4 authored by Steve Halasz's avatar Steve Halasz

Document that webhook secret token is sent in X-Gitlab-Token HTTP header

parent 532202a5
...@@ -59,6 +59,7 @@ v 8.11.0 (unreleased) ...@@ -59,6 +59,7 @@ v 8.11.0 (unreleased)
- Fix RequestProfiler::Middleware error when code is reloaded in development - Fix RequestProfiler::Middleware error when code is reloaded in development
- Catch what warden might throw when profiling requests to re-throw it - Catch what warden might throw when profiling requests to re-throw it
- Speed up and reduce memory usage of Commit#repo_changes, Repository#expire_avatar_cache and IrkerWorker - Speed up and reduce memory usage of Commit#repo_changes, Repository#expire_avatar_cache and IrkerWorker
- Document that webhook secret token is sent in X-Gitlab-Token HTTP header
v 8.10.3 v 8.10.3
- Fix Import/Export issue importing milestones and labels not associated properly. !5426 - Fix Import/Export issue importing milestones and labels not associated properly. !5426
......
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
= f.label :token, "Secret Token", class: 'label-light' = f.label :token, "Secret Token", class: 'label-light'
= f.text_field :token, class: "form-control", placeholder: '' = f.text_field :token, class: "form-control", placeholder: ''
%p.help-block %p.help-block
Use this token to validate received payloads Use this token to validate received payloads. It will be sent with the request in the X-Gitlab-Token HTTP header.
.form-group .form-group
= f.label :url, "Trigger", class: 'label-light' = f.label :url, "Trigger", class: 'label-light'
%ul.list-unstyled %ul.list-unstyled
......
...@@ -26,6 +26,10 @@ GitLab webhooks keep in mind the following things: ...@@ -26,6 +26,10 @@ GitLab webhooks keep in mind the following things:
you are writing a low-level hook this is important to remember. you are writing a low-level hook this is important to remember.
- GitLab ignores the HTTP status code returned by your endpoint. - GitLab ignores the HTTP status code returned by your endpoint.
## Secret Token
If you specify a secret token, it will be sent with the hook request in the `X-Gitlab-Token` HTTP header. Your webhook endpoint can check that to verify that the request is legitimate.
## SSL Verification ## SSL Verification
By default, the SSL certificate of the webhook endpoint is verified based on By default, the SSL certificate of the webhook endpoint is verified based on
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment