- 07 Aug, 2019 21 commits
-
-
GitLab Bot authored
-
Ash McKenzie authored
Add support for Content-Security-Policy Closes #65330 See merge request gitlab-org/gitlab-ce!31402
-
Ash McKenzie authored
[EE] Add support for Content-Security-Policy Closes gitlab-ce#65330 See merge request gitlab-org/gitlab-ee!14975
-
GitLab Bot authored
-
Thong Kuah authored
Provide separate namespaces for each project environment See merge request gitlab-org/gitlab-ce!30711
-
Tiger Watson authored
Kubernetes deployments on new clusters will now have a separate namespace per project environment, instead of sharing a single namespace for the project. Behaviour of existing clusters is unchanged. All new functionality is controlled by the :kubernetes_namespace_per_environment feature flag, which is safe to enable/disable at any time.
-
GitLab Bot authored
-
Evan Read authored
Follow-up: Tweak line to improve badge placement Closes #65417 See merge request gitlab-org/gitlab-ce!31528
-
Marcel Amirault authored
-
Evan Read authored
Follow-Up: Change code blocks to shell type Closes #65605 See merge request gitlab-org/gitlab-ce!31526
-
Marcel Amirault authored
-
Sanad Liaquat authored
Added a Secure E2E test for auto-remediation Closes #9192 See merge request gitlab-org/gitlab-ee!14945
-
Aleksandr Soborov authored
Updated selectors where necessary. Updated fixture and tests that have changed results.
-
GitLab Bot authored
-
Ash McKenzie authored
Resolve "Use Gitlab::HTTP in PrometheusClient instead of RestClient" Closes #60024 See merge request gitlab-org/gitlab-ce!31053
-
David Wilkins authored
- Closes #60024 - Change PrometheusClient.new to accept a base url instead of an already created RestClient - Use Gitlab::HTTP in PrometheusClient instead of creating RestClient in PrometheusService - Move http_options from PrometheusService to PrometheusClient (follow_redirects: false) - ensure that base urls don't have the trailing slash - Created a `PrometheusClient#url` method that might not be strictly required - Change rescued exceptions from RestClient::* to HTTParty::ResponseError where possible and StandardError for the rest
-
Stan Hu authored
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing inline JavaScript to execute if the script nonce matches the header value. Rails 5.2 supports nonce-based Content-Security-Policy headers, so provide configuration to enable this and make it work. To support this, we need to change all `:javascript` HAML filters to the following form: ``` = javascript_tag nonce: true do :plain ... ``` We use `%script` throughout our HAML to store JSON and other text, but since this doesn't execute, browsers don't appear to block this content from being used and require the nonce value to be present. -
Evan Read authored
Docs - Update link in SSL_TLS Certificates Page to Let's Encrypt Intergration See merge request gitlab-org/gitlab-ce!30984
-
Dean Leggo authored
-
Stan Hu authored
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing inline JavaScript to execute if the script nonce matches the header value. Rails 5.2 supports nonce-based Content-Security-Policy headers, so provide configuration to enable this and make it work. To support this, we need to change all `:javascript` HAML filters to the following form: ``` = javascript_tag nonce: true do :plain ... ``` We use `%script` throughout our HAML to store JSON and other text, but since this doesn't execute, browsers don't appear to block this content from being used and require the nonce value to be present. -
GitLab Bot authored
-
- 06 Aug, 2019 19 commits
-
-
Stan Hu authored
Fix nil take regression Closes #65725 See merge request gitlab-org/gitlab-ce!31554
-
Douglas Barbosa Alexandre authored
Add project security dashboard vulnerabilities endpoints Closes #12244 and #12381 See merge request gitlab-org/gitlab-ee!14896
-
Avielle Wolfe authored
* Adds Projects::Security::VulnerabilitiesController * Adds Projects::Security::DashboardHelper * Adds project security dashboard vulnerabilities routes * Includes Vulnerable module in Project Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/12381 and https://gitlab.com/gitlab-org/gitlab-ee/issues/12244
-
Matija Čupić authored
-
GitLab Bot authored
-
Dan Davison authored
Default number of GCP nodes to 1 See merge request gitlab-org/gitlab-ce!31497
-
Dan Davison authored
By defaulting to 3, there is unnecessary cost involved
-
Stan Hu authored
Remove GC metrics from performance bar Closes gitlab-org/quality/nightly#122 See merge request gitlab-org/gitlab-ce!31550
-
GitLab Bot authored
-
Douwe Maan authored
Add committer approval API attribute docs Closes #61796 See merge request gitlab-org/gitlab-ce!31538
-
Douwe Maan authored
Add committer approval API attribute Closes gitlab-ce#61796 See merge request gitlab-org/gitlab-ee!15019
-
Sean McGivern authored
These were disabled in production mode, but that also broke the rest of the performance bar. As they were only enabled in development mode, we can just remove them for now.
-
Robert Speicher authored
Add operations/environments_list Endpoint See merge request gitlab-org/gitlab-ee!14965
-
Jason Goodman authored
Use in Environments Dashboard Replicate basic operations/list functionality
-
GitLab Bot authored
-
Douglas Barbosa Alexandre authored
Update Packer.gitlab-ci.yml to use latest image See merge request gitlab-org/gitlab-ce!31548
-
GitLab Bot authored
-
James Ramsay authored
Merge Requests Approvals can be restricted to prevent the merge request author or merge request committers from self approving. The author restriction is already available in the API, but the committer restriction was not.
-
James Ramsay authored
Merge Requests Approvals can be restricted to prevent the merge request author or merge request committers from self approving. The author restriction is already available in the API, but the committer restriction was not.
-
