- 07 Aug, 2019 1 commit
-
Stan Hu authored
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing inline JavaScript to execute if the script nonce matches the header value. Rails 5.2 supports nonce-based Content-Security-Policy headers, so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but since this doesn't execute, browsers don't appear to block this content from being used and require the nonce value to be present.
-
- 06 Aug, 2019 6 commits
-
GitLab Bot authored
-
Ash McKenzie authored
Use Rails 5.2 Redis caching store Closes #64794 See merge request gitlab-org/gitlab-ce!30966
-
GitLab Bot authored
-
Ray Paik authored
Fix links to unassigned, low weight issues for first time contributors See merge request gitlab-org/gitlab-ce!31485
-
Stan Hu authored
(Really) Fix Ruby 2.5 compatibility for diverging counts of branches Closes #64143 See merge request gitlab-org/gitlab-ce!31491
-
GitLab Bot authored
-
- 05 Aug, 2019 33 commits
-
Clement Ho authored
Fix Admin area user access level radio button labels See merge request gitlab-org/gitlab-ce!31154
-
Clement Ho authored
EE: Fix Admin area user access level radio button labels See merge request gitlab-org/gitlab-ee!14844
-
Drew Blessing authored
In the admin user edit form, access level radio button labels didn't have the correct 'for' value. Clicking on the label did not select the radio button. This makes usability a bit nicer since the click area is increased when the label is clickable.
-
Stan Hu authored
This is the first step in providing a fault-tolerant and distributed Redis caching store. We disable compression to avoid introducing a change that could have an adverse effect in production. Note that we won't be able to take advantage of the fault-tolerance and distributed features yet until we solve https://gitlab.com/gitlab-org/gitlab-ce/issues/64829. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64794
-
Daniel Gerhardt authored
!31480 does not fully restore compatibility because another Ruby 2.6 feature besides `Enumerable#filter` was used in commit ca5cd7b7. The use of `Enumerable#to_h`'s block is now replaced by an explicit `Enumerable#map` call.

Error message:

```
TypeError (wrong element type Gitlab::Git::Branch at 0 (expected array)):
app/controllers/projects/branches_controller.rb:53:in `to_h'
```

See https://bugs.ruby-lang.org/issues/15143. Fixes #64143.
-
Douglas Barbosa Alexandre authored
Remove validation of MR level approval rules in merge requests See merge request gitlab-org/gitlab-ee!14968
-
Drew Blessing authored
In the admin user edit form, access level radio button labels didn't have the correct 'for' value. Clicking on the label did not select the radio button. This makes usability a bit nicer since the click area is increased when the label is clickable.
-
GitLab Bot authored
-
Clement Ho authored
Resolve "Add padding to "merged by" widget" Closes #64831 See merge request gitlab-org/gitlab-ce!30972
-
Marcel van Remmerden authored
This reverts commit c3751046d217008404a0bd371e59d6ffd6734923.
-
Fatih Acet authored
UX fixes for projects dropdown filter See merge request gitlab-org/gitlab-ee!14890
-
Brandon Labuschagne authored
-
GitLab Bot authored
-
Clement Ho authored
Update dependency @gitlab/ui to v5.14.0 See merge request gitlab-org/gitlab-ce!31482
-
Paul Slaughter authored
Fix admin notes internationalization text See merge request gitlab-org/gitlab-ee!15001
-
Clement Ho authored
-
GitLab Bot authored
-
Evan Read authored
Add example to plugins file See merge request gitlab-org/gitlab-ce!30508
-
Ronald van Zon authored
-
Evan Read authored
Add description how to set custom CI file See merge request gitlab-org/gitlab-ce!31445
-
Alexander Tanayno authored
-
Mayra Cabrera authored
Fix error on project name See merge request gitlab-org/gitlab-ce!31471
-
Gosia Ksionek authored
Add project path to sql query to build proper path
-
GitLab Bot authored
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Release Tools Bot authored
[ci skip]
-
GitLab Bot authored
-
Mayra Cabrera authored
Resolve "API endpoint to list the Docker images/tags of a group" See merge request gitlab-org/gitlab-ce!30817
-
Steve Abrams authored
API endpoints for requesting container repositories and container repositories with their tag information are enabled for users that want to specify the group containing the repository rather than the specific project.
-
Paul Slaughter authored
Make thumbnails in design lists not distorted See merge request gitlab-org/gitlab-ee!14670
-
André Luís authored
This change basically makes use of flexbox features to have the images be vertically centered instead of stretched vertically, which was distorting images' original ratio. Also updates the jest snapshots with the new markup.
-
Patrick Bajao authored
This removes `MergeRequest#validate_approval_rule_source`, which was responsible for checking whether the MR level approval rules match the existing project level rules. Added the validation in `ApprovalMergeRequestRule` to check if the project of `approval_project_rule` matches the merge request's project. This way we can ensure that the source rule should still be in the same project. This will make the logic simpler for the upcoming API to create MR level approval rules.
-