    Merge branch '18302-use-rails-cookie-in-api' into 'master' · 3a713ef1
    Rémy Coutable authored
    Allow the Rails cookie to be used for API authentication
    
    Makes the Rails cookie into a valid authentication token for the Grape
    API, and uses it instead of token authentication in frontend code that
    uses the API.
    
    Rendering the private token into client-side JavaScript is a security
    risk; it may be stolen through XSS or other attacks. In general,
    re-using API code in the frontend is more desirable than implementing
    endless actions that return JSON.
    
    Closes #18302
    
    See merge request !1995
    Signed-off-by: Rémy Coutable <remy@rymai.me>
api_guard.rb 4.25 KB