Require API authentication for GET CI Lint endpoint (!209764) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Require API authentication for GET CI Lint endpoint

Add authentication check to the GET :id/ci/lint endpoint to ensure requests are made with proper API authentication when a user session exists. This prevents inconsistent behavior when the endpoint is accessed through different authentication methods.

The check only applies when there is an authenticated user session but no API token present, requiring explicit API authentication for such requests.

The changes are behind the feature flag ci_require_api_token_for_ci_lint #578076.

Screenshots or screen recordings

While it works in CLI (unauthenticated):

and unauthenticated browser:

it gives an error on browser when authenticated:

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Oct 22, 2025 by Furkan Ayhan

Require API authentication for GET CI Lint endpoint

What does this MR do and why?

Screenshots or screen recordings

MR acceptance checklist

Merge request reports