- 07 Aug, 2019 1 commit
-
Stan Hu authored
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing inline JavaScript to execute if the script nonce matches the header value. Rails 5.2 supports nonce-based Content-Security-Policy headers, so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but since this doesn't execute, browsers don't appear to block this content from being used and require the nonce value to be present.
-
- 06 Aug, 2019 3 commits
-
Ash McKenzie authored
Use Rails 5.2 Redis caching store Closes #64794 See merge request gitlab-org/gitlab-ce!30966
-
Ray Paik authored
Fix links to unassigned, low weight issues for first time contributors See merge request gitlab-org/gitlab-ce!31485
-
Stan Hu authored
(Really) Fix Ruby 2.5 compatibility for diverging counts of branches Closes #64143 See merge request gitlab-org/gitlab-ce!31491
-
- 05 Aug, 2019 36 commits
-
Clement Ho authored
Fix Admin area user access level radio button labels See merge request gitlab-org/gitlab-ce!31154
-
Drew Blessing authored
In the admin user edit form, access level radio button labels didn't have the correct 'for' value. Clicking on the label did not select the radio button. This makes usability a bit nicer since the click area is increased when the label is clickable.
-
Stan Hu authored
This is the first step in providing a fault-tolerant and distributed Redis caching store. We disable compression to avoid introducing a change that could have an adverse effect in production. Note that we won't be able to take advantage of the fault-tolerance and distributed features yet until we solve https://gitlab.com/gitlab-org/gitlab-ce/issues/64829. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64794
-
Daniel Gerhardt authored
!31480 does not fully restore compatibility because another Ruby 2.6 feature besides `Enumerable#filter` was used in commit ca5cd7b7. The use of `Enumerable#to_h`'s block is now replaced by an explicit `Enumerable#map` call.

Error message:

```
TypeError (wrong element type Gitlab::Git::Branch at 0 (expected array)):
app/controllers/projects/branches_controller.rb:53:in `to_h'
```

See https://bugs.ruby-lang.org/issues/15143. Fixes #64143.
-
Clement Ho authored
Resolve "Add padding to "merged by" widget" Closes #64831 See merge request gitlab-org/gitlab-ce!30972
-
Marcel van Remmerden authored
This reverts commit c3751046d217008404a0bd371e59d6ffd6734923.
-
Clement Ho authored
Update dependency @gitlab/ui to v5.14.0 See merge request gitlab-org/gitlab-ce!31482
-
Evan Read authored
Add example to plugins file See merge request gitlab-org/gitlab-ce!30508
-
Ronald van Zon authored
-
Evan Read authored
Add description how to set custom CI file See merge request gitlab-org/gitlab-ce!31445
-
Alexander Tanayno authored
-
Mayra Cabrera authored
Fix error on project name See merge request gitlab-org/gitlab-ce!31471
-
Gosia Ksionek authored
Add project path to sql query to build proper path
-
GitLab Release Tools Bot authored
[ci skip]
-
Mayra Cabrera authored
Resolve "API endpoint to list the Docker images/tags of a group" See merge request gitlab-org/gitlab-ce!30817
-
Steve Abrams authored
API endpoints for requesting container repositories and container repositories with their tag information are enabled for users that want to specify the group containing the repository rather than the specific project.
-
Douglas Barbosa Alexandre authored
Only track Redis calls if Peek is enabled See merge request gitlab-org/gitlab-ce!31438
-
Clement Ho authored
Removed external dashboard legend border Closes #64675 See merge request gitlab-org/gitlab-ce!31407
-
Olena Horal-Koretska authored
-
Clement Ho authored
Fixed bug from extra parenthesis Closes #63474 See merge request gitlab-org/gitlab-ce!31479
-
Lukas Eipert authored
-
Evan Read authored
Bring diagnostics_tools.md from debug project to docs See merge request gitlab-org/gitlab-ce!31399
-
Marcel Amirault authored
-
Evan Read authored
Document when quotes aren't needed for quick actions Closes #63735 See merge request gitlab-org/gitlab-ce!31338
-
Sean McGivern authored
-
Stan Hu authored
Add missing timezone when copying legacy artifacts (ci_builds) See merge request gitlab-org/gitlab-ce!31447
-
Robert Speicher authored
Updates security templates [ci skip] See merge request gitlab-org/gitlab-ce!31431
-
John Skarbek authored
-
Michael Kozono authored
Use stubbed key and certificate in Helm factory See merge request gitlab-org/gitlab-ce!31169
-
Stan Hu authored
Use select instead of filter to support 2.5 See merge request gitlab-org/gitlab-ce!31480
-
Igor authored
-
John Hope authored
-
Marcia Ramos authored
Add shell scripting guides to development README Closes #64016 See merge request gitlab-org/gitlab-ce!31467
-
Victor Zagorodny authored
-
Achilleas Pipinellis authored
Update Unicorn Worker recommendation See merge request gitlab-org/gitlab-ce!31404
-
Achilleas Pipinellis authored
Docs - Strongly discourage installing ES on the same server as GitLab See merge request gitlab-org/gitlab-ce!30169