Commits · be105fe2f9e5c306fe0355f53bf144842826add6 · nexedi / gitlab-ce

07 Aug, 2019 1 commit

Add support for Content-Security-Policy · be105fe2

Stan Hu authored Aug 02, 2019

A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.

be105fe2

06 Aug, 2019 6 commits
- Automatic merge of gitlab-org/gitlab-ce master · 88a905dd
  GitLab Bot authored Aug 06, 2019
  
  88a905dd
- Merge branch 'sh-use-redis-caching-store' into 'master' · fa216b0e
  Ash McKenzie authored Aug 06, 2019
```
Use Rails 5.2 Redis caching store

Closes #64794

See merge request gitlab-org/gitlab-ce!30966
```
  fa216b0e
- Automatic merge of gitlab-org/gitlab-ce master · 0261a17c
  GitLab Bot authored Aug 06, 2019
  
  0261a17c
- Merge branch 'docs-fix-links-to-low-weight-issues' into 'master' · 68221f50
  Ray Paik authored Aug 06, 2019
```
Fix links to unassigned, low weight issues for first time contributors

See merge request gitlab-org/gitlab-ce!31485
```
  68221f50
- Merge branch 'fix-diverging-counts-ruby2.5' into 'master' · f2b8f357
  Stan Hu authored Aug 06, 2019
```
(Really) Fix Ruby 2.5 compatibility for diverging counts of branches

Closes #64143

See merge request gitlab-org/gitlab-ce!31491
```
  f2b8f357
- Automatic merge of gitlab-org/gitlab-ce master · 88435e41
  GitLab Bot authored Aug 06, 2019
  
  88435e41
05 Aug, 2019 33 commits

Merge branch 'dblessing-fix-admin-user-radio-labels' into 'master' · 8adcc599
Clement Ho authored Aug 05, 2019
```
Fix Admin area user access level radio button labels

See merge request gitlab-org/gitlab-ce!31154
```
8adcc599
Merge branch 'dblessing-fix-admin-user-radio-labels-ee' into 'master' · 9ed88e6f
Clement Ho authored Aug 05, 2019
```
EE: Fix Admin area user access level radio button labels

See merge request gitlab-org/gitlab-ee!14844
```
9ed88e6f

Fix Admin area user access level radio button labels · 81f44275

Drew Blessing authored Jul 25, 2019

In the admin user edit form, access level radio button labels didn't have
the correct 'for' value. Clicking on the label did not select the radio
button. This makes usability a bit nicer since the click area is increased
when the label is clickable.

81f44275

Use Rails 5.2 Redis caching store · b5771bcc

Stan Hu authored Jul 19, 2019

This is the first step in providing a fault-tolerant and distributed
Redis caching store. We disable compression to avoid introducing a
change that could have an adverse effect in production.

Note that we won't be able to take advantage of the fault-tolerance and
distributed features yet until we solve
https://gitlab.com/gitlab-org/gitlab-ce/issues/64829.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64794

b5771bcc

Fix Ruby 2.5 compatibility for diverging counts of branches · 33e10d70

Daniel Gerhardt authored Aug 05, 2019

!31480 does not fully restore compatibility because another Ruby 2.6
feature besides `Enumerable#filter` was used in commit ca5cd7b7. The use
of `Enumerable#to_h`'s block is now replaced by an explicit
`Enumerable#map` call.

Error message:

	TypeError (wrong element type Gitlab::Git::Branch at 0 (expected array)):
  	app/controllers/projects/branches_controller.rb:53:in `to_h'

See https://bugs.ruby-lang.org/issues/15143.

Fixes #64143.

33e10d70

Merge branch '12607-remove-mr-approval-rule-source-restriction' into 'master' · ba1d3da1
Douglas Barbosa Alexandre authored Aug 05, 2019
```
Remove validation of MR level approval rules in merge requests

See merge request gitlab-org/gitlab-ee!14968
```
ba1d3da1

EE: Fix Admin area user access level radio button labels · 919be140

Drew Blessing authored Jul 25, 2019

919be140

Automatic merge of gitlab-org/gitlab-ce master · f897d75e
GitLab Bot authored Aug 05, 2019

f897d75e
Merge branch '64831-add-padding-to-merged-by-widget' into 'master' · 029381b1
Clement Ho authored Aug 05, 2019
```
Resolve "Add padding to "merged by" widget"

Closes #64831

See merge request gitlab-org/gitlab-ce!30972
```
029381b1
Revert "Make status icon in merge widget borderless" · 96d10213
Marcel van Remmerden authored Aug 05, 2019
```
This reverts commit c3751046d217008404a0bd371e59d6ffd6734923.
```
96d10213
Merge branch 'ux-fixes-for-projects-dropdown-filter' into 'master' · f69c3c93
Fatih Acet authored Aug 05, 2019
```
UX fixes for projects dropdown filter

See merge request gitlab-org/gitlab-ee!14890
```
f69c3c93
UX fixes for projects dropdown filter · 043a67ac
Brandon Labuschagne authored Aug 05, 2019

043a67ac
Automatic merge of gitlab-org/gitlab-ce master · 1d6db92c
GitLab Bot authored Aug 05, 2019

1d6db92c
Merge branch 'renovate/gitlab-ui-5.x' into 'master' · d2aeae58
Clement Ho authored Aug 05, 2019
```
Update dependency @gitlab/ui to v5.14.0

See merge request gitlab-org/gitlab-ce!31482
```
d2aeae58
Merge branch 'fix-admin-notes' into 'master' · 2e7c46ac
Paul Slaughter authored Aug 05, 2019
```
Fix admin notes internationalization text

See merge request gitlab-org/gitlab-ee!15001
```
2e7c46ac
Fix admin notes internationalization text · 4e1b61b1
Clement Ho authored Aug 05, 2019

4e1b61b1
Automatic merge of gitlab-org/gitlab-ce master · 6aab0a1c
GitLab Bot authored Aug 05, 2019

6aab0a1c
Merge branch 'rz_extend_plugins' into 'master' · 0555bc64
Evan Read authored Aug 05, 2019
```
Add example to plugins file

See merge request gitlab-org/gitlab-ce!30508
```
0555bc64
Add example to plugins file · 79a39a5c
Ronald van Zon authored Aug 05, 2019

79a39a5c
Merge branch 'docs-add-gitlabci-file' into 'master' · baaba23f
Evan Read authored Aug 05, 2019
```
Add description how to set custom CI file

See merge request gitlab-org/gitlab-ce!31445
```
baaba23f
Add description how to set custom CI file · fd2862fd
Alexander Tanayno authored Aug 05, 2019

fd2862fd
Merge branch 'fix-name-vs-path-problem-for-cycle-analytics' into 'master' · 881052b8
Mayra Cabrera authored Aug 05, 2019
```
Fix error on project name

See merge request gitlab-org/gitlab-ce!31471
```
881052b8
Fix error on project name · 6c5e9480
Gosia Ksionek authored Aug 05, 2019
```
Add project path to sql query to build proper path
```
6c5e9480
Automatic merge of gitlab-org/gitlab-ce master · e3c2ec2c
GitLab Bot authored Aug 05, 2019

e3c2ec2c
Update CHANGELOG.md for 12.1.4 · 1dfbb27f
GitLab Release Tools Bot authored Aug 05, 2019
```
[ci skip]
```
1dfbb27f
Update CHANGELOG.md for 12.1.4 · 84aa760b
GitLab Release Tools Bot authored Aug 05, 2019
```
[ci skip]
```
84aa760b
Update CHANGELOG-EE.md for 12.1.4-ee · 2980ac19
GitLab Release Tools Bot authored Aug 05, 2019
```
[ci skip]
```
2980ac19
Automatic merge of gitlab-org/gitlab-ce master · 52520685
GitLab Bot authored Aug 05, 2019

52520685
Merge branch '26866-api-endpoint-to-list-the-docker-images-tags-of-a-group' into 'master' · 926def1f
Mayra Cabrera authored Aug 05, 2019
```
Resolve "API endpoint to list the Docker images/tags of a group"

See merge request gitlab-org/gitlab-ce!30817
```
926def1f

Add group level container repository endpoints · 3dbf3997

Steve Abrams authored Aug 05, 2019

API endpoints for requesting container repositories
and container repositories with their tag information
are enabled for users that want to specify the group
containing the repository rather than the specific project.

3dbf3997

Merge branch 'andr3-design-management-avoid-distorted-images' into 'master' · ed15779a
Paul Slaughter authored Aug 05, 2019
```
Make thumbnails in design lists not distorted

See merge request gitlab-org/gitlab-ee!14670
```
ed15779a

Make thumbnails in design lists not distorted · e4f2f561

André Luís authored Aug 05, 2019

This change basically makes use of flexbox features
to have the images be vertically centered instead of
stretched vertically, which was distorting images'
original ratio.

Also updates the jest snapshots with the new markup.

e4f2f561

Remove validation of MR level approval rules in MR · 4081fbd1

Patrick Bajao authored Aug 05, 2019

This removes `MergeRequest#validate_approval_rule_source` which
was responsible to check whether the MR level approval rules
matches the existing project level rules.

Added the validation in `ApprovalMergeRequestRule` to check if the
project of `approval_project_rule` matches the merge request's
project. This way we can ensure that the source rule should still
be in the same project.

This will make the logic simpler for the upcoming API to create
MR level approval rules.

4081fbd1