Skip to content

Add validation for mask item value is part of URL

What does this MR do and why?

This feature is behind the feature flag webhook_form_mask_url. Issue #381231 (closed).

  • Validates that the mask item value is part of the URL. For example, if the URL is http://example.com?password=secret then example.com and secret are valid values, while random-string is not.
  • This validation is triggered immediately once the user starts typing values in the Sensitive portion of URL (does not require button click / form submit).
  • Also fix an issue with editing where users could key in the same key as an existing one and the UI would disable the field as it considers it as "isEditing". We adds the index of the field so we don't mark it as "isEditing" by mistake.

This is the list of MRs around this feature:

MR Status
Add basic UI for UI masking of webhook URL (!99995 - merged) Merged
Add frontend for working with URL variables (!100817 - merged) Merged
Add editing of masked items for webhook URL (!102150 - merged) Merged
Add presence validation to URL and URL mask ite... (!102720 - merged) Merged
Add validation for mask item value is part of URL 👈 You are here

Screenshots or screen recordings

Webhook_mask_URL_validation_for_mask_item_value

How to set up and validate locally

  1. Enable the feature flag.
  2. Go to Project > Settings > Webhooks. For example, http://127.0.0.1:3000/gitlab-org/gitlab-shell/-/hooks.
  3. Use any URL as the webhook URL. For example, https://gitlab.com/dashboard/todos.
  4. Select Mask portions of the URL and add values. For example, gitlab.com -> domain, dashboard/todos -> path.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #361125 (closed)

Edited by Justin Ho Tuan Duong

Merge request reports

Loading