-
Rémy Coutable authored
Allow the Rails cookie to be used for API authentication Makes the Rails cookie into a valid authentication token for the Grape API, and uses it instead of token authentication in frontend code that uses the API. Rendering the private token into client-side javascript is a security risk; it may be stolen through XSS or other attacks. In general, re-using API code in the frontend is more desirable than implementing endless actions that return JSON. Closes #18302 See merge request !1995 Signed-off-by: Rémy Coutable <remy@rymai.me>
d14c8b16