gitlab-org--gitlab-foss/doc/security/user_file_uploads.md

1.6 KiB

type stage group info
reference Manage Authentication and Authorization To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

User File Uploads (FREE)

Images that are attached to issues, merge requests, or comments do not require authentication to be viewed if they are accessed directly by URL. This direct URL contains a random 32-character ID that prevents unauthorized people from guessing the URL for an image, thus there is some protection if an image contains sensitive information.

Authentication is not enabled because images must be visible in the body of notification emails, which are often read from email clients that are not authenticated with GitLab, such as Outlook, Apple Mail, or the Mail app on your mobile device.

NOTE: Non-image attachments do require authentication to be viewed.