Add CSRF protection to the web application
I consider it not needed for the API, as it is not used by the web application, and needs a special API token that is not stored in your browser's session.
How to register an account on GitLab. Due to spam, new accounts are locked until approved by an admin or the approver bot. Your GitLab account gets automatically approved within one hour if you are a member of Trusted Contributors in Gerrit, or a member of the Trusted-Contributors group in Phabricator and linked your Developer account to your Phabricator account. If none of these apply, you can file an unlock request to expedite access.
Take the 2024 Developer Satisfaction Survey (privacy statement) to help identify areas for improvement and measure satisfaction within the Wikimedia developer community.
Support: mw:GitLab, how to host a project on GitLab, #wikimedia-gitlab on libera.chat, #GitLab on Phabricator.
I consider it not needed for the API, as it is not used by the web application, and needs a special API token that is not stored in your browser's session.