Commits · 33554c9302bcd182ee45ab120c4bb5eac5138962 · nexedi / gitlab-ce

08 Feb, 2021 1 commit

Don't modify env in request forgery protection · 33554c93

Bob Van Landuyt authored Feb 08, 2021

This avoids modifying the Rack-env in request forgery protection.

If we do allow the env to be modified, this would cause requests made
to our public API by our own frontend to be incorrectly recorded in
metrics and logs.

The Gitlab::RequestForgeryProtection::Controller and it's index action
would be recorded as the caller instead of the actual endpoint being
called.

33554c93

02 Feb, 2021 39 commits
- Merge branch 'vs-sync-scss-lint-stylelint-rules' into 'master' · e8c3cd84
  Natalia Tepluhina authored Feb 02, 2021
```
Sync scss-lint rules and stylelint

See merge request gitlab-org/gitlab!53122
```
  e8c3cd84
- Sync scss-lint rules and stylelint · d5e7549a
  Vitaly Slobodin authored Feb 02, 2021
  
  d5e7549a
- Merge branch 'yo-gl-new-input' into 'master' · 5811141f
  Nicolò Maria Mezzopera authored Feb 02, 2021
```
Apply new GitLab UI for form inputs project settings page

See merge request gitlab-org/gitlab!52097
```
  5811141f
- Apply new GitLab UI for form inputs project settings page · 1c483f7f
  Yogi authored Feb 02, 2021
  
  1c483f7f
- Merge branch 'psi-create-new-list' into 'master' · 99676bd2
  Phil Hughes authored Feb 02, 2021
```
Add board_new_list feature flag and placeholder [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!52869
```
  99676bd2
- Add board_new_list feature flag and placeholder · 7dac22e9
  Simon Knox authored Feb 02, 2021
```
Button currently doesn't do anything
```
  7dac22e9
- Merge branch 'fix-crosssloterror-with-no-keys' into 'master' · a0d465de
  Alex Kalderimis authored Feb 02, 2021
```
Don't raise CrossSlotError when no keys given

See merge request gitlab-org/gitlab!52887
```
  a0d465de
- Merge branch '291170-issue-mr-list-tabs-icons-sometimes-display-as' into 'master' · c89d94e5
  Nick Thomas authored Feb 02, 2021
```
Resolve "Issue/MR list tabs - Icons sometimes display as ?"

See merge request gitlab-org/gitlab!52698
```
  c89d94e5
- Merge branch... · 752a9ca3
  Alper Akgun authored Feb 02, 2021
```
Merge branch '300532-document-feature-flags-for-tracking-to-be-owned-by-group-adding-the-tracking' into 'master'

Document feature flags for tracking to be owned by group adding the tracking

See merge request gitlab-org/gitlab!53012
```
  752a9ca3
- Merge branch 'ph/requestReviewBackend' into 'master' · b4b17286
  Kushal Pandya authored Feb 02, 2021
```
Added backend for requesting a new review

See merge request gitlab-org/gitlab!52321
```
  b4b17286
- Don't raise CrossSlotError when no keys given · 3a8a4ced
  Sean McGivern authored Jan 29, 2021
```
When no keys are passed to a Redis command that accepts multiple keys,
that's an error. But it's not a cross-slot violation, as there are no
slots. By raising this error we were masking the true
Redis::CommandError underneath, which is bad for two reasons:

1. It's confusing to developers.
2. It leads to a different failure in production to development and
   test.

To elaborate a bit more on the second point: the purpose of the
CrossSlotError is to only be an _additional_ error in development and
test, but it shouldn't _replace_ underlying errors as that can cause
issues like this one.
```
  3a8a4ced
- Merge branch... · 5e545e73
  Kushal Pandya authored Feb 02, 2021
```
Merge branch '289973-refactor-jquery-to-vanilla-js-app-assets-javascripts-jira_connect-index-js' into 'master'

Refactor jQuery to Vanilla JS: app/assets/javascripts/jira_connect/index.js

See merge request gitlab-org/gitlab!52286
```
  5e545e73
- Address reviewer feedback · 8a2b745d
  Tom Quirk authored Feb 02, 2021
```
- fix class for "Remove subscription" button
- remove jquery script tag
- consolidate js specs
- apply jira_connect/api diff
```
  8a2b745d
- Merge branch 'ali/bump-standard-context-version' into 'master' · a9f0580a
  Patrick Bajao authored Feb 02, 2021
```
Bump Snowplow standard schema version to 1-0-3

See merge request gitlab-org/gitlab!53062
```
  a9f0580a
- Merge branch '249550-remove-feature-flag-for-core-mr-widget' into 'master' · 18308017
  Savas Vedova authored Feb 02, 2021
```
Remove core_security_mr_widget feature flag

See merge request gitlab-org/gitlab!53066
```
  18308017
- Merge branch '297659-remove-unused-deploy-board-callout-data' into 'master' · 4e59e7f2
  Igor Drozdov authored Feb 02, 2021
```
Remove unused frontend variables from environments page

See merge request gitlab-org/gitlab!52763
```
  4e59e7f2
- Merge branch '271263-piwik-support-the-disabling-of-cookies' into 'master' · 620bf1c9
  Martin Wortschack authored Feb 02, 2021
```
Matomo: Support the disabling of cookies

See merge request gitlab-org/gitlab!52831
```
  620bf1c9
- Merge branch 'aqualls-api-definition-spelling' into 'master' · fafb3dd6
  Matthias Käppler authored Feb 02, 2021
```
Spelling fixes, API definitions

See merge request gitlab-org/gitlab!52951
```
  fafb3dd6
- Spelling fixes, API definitions · 1dc868db
  Amy Qualls authored Feb 02, 2021
```
Fixing spelling and capitalization in various API definitions. Not
making changes to anything else; just the user-facing definition part.
```
  1dc868db
- Merge branch 'yo-gl-new-ui-admin-hooks' into 'master' · 8da0de32
  Martin Wortschack authored Feb 02, 2021
```
Apply new GitLab UI for input field in admin/hooks

See merge request gitlab-org/gitlab!52412
```
  8da0de32
- Apply new GitLab UI for input field in admin/hooks · f4b7bf51
  Yogi authored Feb 02, 2021
  
  f4b7bf51
- Merge branch '10io-fix-faraday-gitlab-middleware-register' into 'master' · ce925faa
  Matthias Käppler authored Feb 02, 2021
```
Move Faraday middlewares register to an initializer

See merge request gitlab-org/gitlab!53019
```
  ce925faa
- Merge branch 'yo-gl-badge-users-admin' into 'master' · ed2c9ac1
  Kushal Pandya authored Feb 02, 2021
```
Apply new GitLab UI badge for users in the admin page

See merge request gitlab-org/gitlab!52289
```
  ed2c9ac1
- Merge branch '299057-fj-add-update-repository-storage-service' into 'master' · 02c1315b
  Markus Koller authored Feb 02, 2021
```
Create Groups::UpdateRepositoryStorageService service

See merge request gitlab-org/gitlab!52687
```
  02c1315b
- Merge branch 'fix-merge-trains-cannot-be-retried' into 'master' · ae1b9ca4
  Bob Van Landuyt authored Feb 02, 2021
```
Fix retry option doesn't work in Merge Trains

See merge request gitlab-org/gitlab!52463
```
  ae1b9ca4
- Merge branch '296856-prevent-creating-duplicate-pipelines-manually' into 'master' · d9b8493c
  Miguel Rincon authored Feb 02, 2021
```
Prevent creating duplicate pipelines manually

See merge request gitlab-org/gitlab!51076
```
  d9b8493c
- Prevent creating duplicate pipelines manually · 94e59dae
  Kev authored Feb 02, 2021
  
  94e59dae
- Merge branch 'feat/bypass-admin-mode-on-git' into 'master' · 20775a7c
  Imre Farkas authored Feb 02, 2021
```
Bypass admin mode for internal api operations

See merge request gitlab-org/gitlab!52697
```
  20775a7c
- Merge branch 'lm-adds-gitaly-call-label' into 'master' · 2339daba
  charlie ablett authored Feb 02, 2021
```
Adds calls_gitaly to label DetailedStatus

See merge request gitlab-org/gitlab!52708
```
  2339daba
- Merge branch '300462-fix-instances-of-monthy' into 'master' · 22bd41de
  Nick Thomas authored Feb 02, 2021
```
Fix instances of "monthy"

See merge request gitlab-org/gitlab!52970
```
  22bd41de
- Merge branch 'the-definition-of-job-in-gitlab-cicd' into 'master' · b69dff45
  Grzegorz Bizon authored Feb 02, 2021
```
Documentation for the definition of "Job" in GitLab CI/CD

See merge request gitlab-org/gitlab!53026
```
  b69dff45
- Merge branch '299420_fix_update_occurrence_severity_column_spec' into 'master' · 250399ff
  Bob Van Landuyt authored Feb 02, 2021
```
Remove rubocop cop disable

See merge request gitlab-org/gitlab!52911
```
  250399ff
- Merge branch 'fix-hardcoded-ids-in-projects-spec' into 'master' · 4d377b4a
  Mikołaj Wawrzyniak authored Feb 02, 2021
```
Fix hardcoded ids in projects API tests

See merge request gitlab-org/gitlab!53036
```
  4d377b4a
- Merge branch '296669-migration-support-customizable-timeouts-for-git-cli-2fa' into 'master' · d2ef64ae
  Alper Akgun authored Feb 02, 2021
```
Resolve "Add column for feature: Support customizable timeouts for git CLI 2FA"

See merge request gitlab-org/gitlab!52761
```
  d2ef64ae
- Add git_two_factor_session_expiry column to application_settings table · ce353b17
  Manoj M J authored Feb 02, 2021
```
This change  adds a new column named
`git_two_factor_session_expiry` to the
`application_settings` table.
```
  ce353b17
- Merge branch 'new-tab-links' into 'master' · ad951dcf
  Kushal Pandya authored Feb 02, 2021
```
Updated links to open in a new tab

See merge request gitlab-org/gitlab!52948
```
  ad951dcf
- Updated links to open in a new tab · f1b0f269
  Suzanne Selhorn authored Feb 02, 2021
  
  f1b0f269
- Create service to move groups repository storage · bb8723f2
  Francisco Javier López authored Jan 27, 2021
```
In this commit we introduce a service used to move
group storage from one shard to another. This is very similar
to what has been implemented for projects and snippets.
```
  bb8723f2
- Merge branch '299504-epic-swimlanes-negated-filters-not-filtering' into 'master' · f3d7d063
  Vitaly Slobodin authored Feb 02, 2021
```
Swimlanes - Support negated filters [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!52449
```
  f3d7d063