Skip to content

executors: Pass auth via header instead of basic auth

Warren Gifford requested to merge ef/executor-auth-header into main

Created by: efritz

This PR stops passing auth via BasicAuth/the URL when the executor interfaces with the frontend (via HTTP requests as well as git commands for fetch/clone) and sends the same shared token (previously the password) via the Authorization header instead.

This PR remove support for reading the old auth type. This should not affect any configuration, but executors + application code must be deployed concurrently for existing instances (dogfood, Cloud) to prevent a bad auth scheme failing jobs.

Fixes sourcegraph/security-issues/issues/205.

Merge request reports

Loading