Merge branch 'revert-sri' into 'master'

Revert Subresource Integrity pending a fix for Firefox's incorrect hashing implementation. Per the discussion in #18230, Firefox support is broken :( cc: @jschatz1 See merge request !4943

Merge branch 'revert-sri' into 'master'
Revert Subresource Integrity pending a fix for Firefox's incorrect hashing implementation. Per the discussion in #18230, Firefox support is broken :( cc: @jschatz1 See merge request !4943
89506940 · Jacob Schatz · 3659992c · 47b9b162 · 89506940 · 89506940
Commit 89506940 authored Jun 27, 2016 by Jacob Schatz
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 5 deletions

CHANGELOG CHANGELOG +0 -1

app/helpers/javascript_helper.rb app/helpers/javascript_helper.rb +1 -1

app/views/layouts/_head.html.haml app/views/layouts/_head.html.haml +3 -3

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,7 +8,6 @@ v 8.10.0 (unreleased)
  - Fix MR-auto-close text added to description. !4836
  - Fix pagination when sorting by columns with lots of ties (like priority)
  - Exclude email check from the standard health check
-  - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise.
  - Fix changing issue state columns in milestone view
  - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt)
  - Add API endpoint for a group issues !4520 (mahcsig)

--- a/app/helpers/javascript_helper.rb
+++ b/app/helpers/javascript_helper.rb
 module JavascriptHelper
  def page_specific_javascript_tag(js)
-    javascript_include_tag asset_path(js), { integrity: true, "data-turbolinks-track" => true }
+    javascript_include_tag asset_path(js), { "data-turbolinks-track" => true }
  end
 end
--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
@@ -25,10 +25,10 @@

  = favicon_link_tag 'favicon.ico'

-  = stylesheet_link_tag "application", media: "all", integrity: true
-  = stylesheet_link_tag "print",       media: "print", integrity: true
+  = stylesheet_link_tag "application", media: "all"
+  = stylesheet_link_tag "print",       media: "print"

-  = javascript_include_tag "application", integrity: true
+  = javascript_include_tag "application"

  - if content_for?(:page_specific_javascripts)
    = yield :page_specific_javascripts