Add validation for mask item value is part of URL
What does this MR do and why?
This feature is behind the feature flag webhook_form_mask_url
. Issue #381231 (closed).
- Validates that the mask item value is part of the URL. For example, if the URL is
http://example.com?password=secret
thenexample.com
andsecret
are valid values, whilerandom-string
is not. - This validation is triggered immediately once the user starts typing values in the Sensitive portion of URL (does not require button click / form submit).
- Also fix an issue with editing where users could key in the same key as an existing one and the UI would disable the field as it considers it as "isEditing". We adds the index of the field so we don't mark it as "isEditing" by mistake.
This is the list of MRs around this feature:
MR | Status |
---|---|
Add basic UI for UI masking of webhook URL (!99995 - merged) |
|
Add frontend for working with URL variables (!100817 - merged) |
|
Add editing of masked items for webhook URL (!102150 - merged) |
|
Add presence validation to URL and URL mask ite... (!102720 - merged) |
|
Add validation for mask item value is part of URL |
|
Screenshots or screen recordings
How to set up and validate locally
- Enable the feature flag.
- Go to Project > Settings > Webhooks. For example,
http://127.0.0.1:3000/gitlab-org/gitlab-shell/-/hooks
. - Use any URL as the webhook URL. For example,
https://gitlab.com/dashboard/todos
. - Select
Mask portions of the URL
and add values. For example,gitlab.com
->domain
,dashboard/todos
->path
.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #361125 (closed)
Edited by Justin Ho Tuan Duong