b623932eb3
With this we allow authentication using a session or using personal access token. Authentication using a session, and CSRF token makes it easy to play with GraphQL from the Graphiql endpoint we expose. But we cannot enforce CSRF validity, otherwise authentication for regular API clients would fail when they use personal access tokens to authenticate.
5 lines
94 B
YAML
5 lines
94 B
YAML
---
|
|
title: Allow GraphQL requests without CSRF token
|
|
merge_request: 25719
|
|
author:
|
|
type: fixed
|