gitlab-org--gitlab-foss/spec/controllers
Bob Van Landuyt b623932eb3 Allow GraphQL requests without CSRF token
With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.
2019-03-06 15:38:00 +01:00
..
admin Show header and footer system messages in email 2019-02-27 22:07:50 +02:00
boards Enable the Layout/ExtraSpacing cop 2019-01-24 13:05:45 +01:00
concerns Bump fog-aws to 3.3.0 and associated dependencies 2019-02-28 22:51:03 -08:00
dashboard Merge branch 'security-2773-milestones-fix' into 'master' 2019-03-04 18:37:15 +00:00
explore
google_api Validate session key when authorizing with GCP to create a cluster 2019-02-19 17:21:08 +11:00
groups Change policy regarding group visibility 2019-02-20 11:08:13 +01:00
import Improve the GitHub and Gitea import feature table interface 2019-02-13 00:15:57 +00:00
instance_statistics
ldap
oauth
profiles Move language setting to preferences 2019-02-20 22:58:53 +00:00
projects Merge dev master into GitLab.com master 2019-03-04 19:44:46 +01:00
snippets
users
abuse_reports_controller_spec.rb
application_controller_spec.rb Fix ETag caching not being used for AJAX requests 2019-02-26 12:54:31 +01:00
autocomplete_controller_spec.rb
dashboard_controller_spec.rb
groups_controller_spec.rb Always use CTE for IssuableFinder counts 2019-02-28 11:25:57 -06:00
health_check_controller_spec.rb
health_controller_spec.rb
help_controller_spec.rb Fix broken links on help page 2019-02-11 23:41:58 +01:00
invites_controller_spec.rb
metrics_controller_spec.rb
notification_settings_controller_spec.rb
omniauth_callbacks_controller_spec.rb Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master' 2019-03-04 18:36:26 +00:00
passwords_controller_spec.rb
profiles_controller_spec.rb
projects_controller_spec.rb Enable the Layout/ExtraSpacing cop 2019-01-24 13:05:45 +01:00
registrations_controller_spec.rb
root_controller_spec.rb
search_controller_spec.rb Enable the Layout/ExtraSpacing cop 2019-01-24 13:05:45 +01:00
sent_notifications_controller_spec.rb
sessions_controller_spec.rb
snippets_controller_spec.rb Check snippet attached file to be moved is within designated directory 2019-02-21 16:44:44 +08:00
uploads_controller_spec.rb Enable the Layout/ExtraSpacing cop 2019-01-24 13:05:45 +01:00
user_callouts_controller_spec.rb
users_controller_spec.rb Eliminate most N+1 queries loading UserController#calendar_activities 2019-03-01 10:57:09 -08:00