Allow context qsh for Jira subscriptions json
The JSON endpoint will be requested by frontend using a JWT that Atlassian provides via Javascript. This JWT will likely use a context-qsh because Atlassian don't know for which endpoint it will be used. Read more about context JWT here: https://developer.atlassian.com/cloud/jira/platform/understanding-jwt-for-connect-apps/ This is the second attempt to add this change. The first one (https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83836) got reverted after an incident (https://gitlab.com/gitlab-com/gl-infra/production/-/issues/6774) This problem was fixed in this commit by only verifying qsh on the index action.
Showing
Please register or sign in to comment