- 04 Jul, 2017 1 commit
-
-
Paweł Chojnacki authored
-
- 14 Jun, 2017 1 commit
-
-
Sean McGivern authored
This instrumentation isn't needed strictly for performance measurements, but just to see which controller actions call this method at all. See <https://gitlab.com/gitlab-org/gitlab-ce/issues/30224#note_32306159> for more details.
-
- 02 Apr, 2017 1 commit
-
-
mhasbini authored
-
- 08 Mar, 2017 1 commit
-
-
Alejandro Rodríguez authored
Besides improving the error message to specify what exactly you need to do to solve the error, we now don't skip all storage validations on the test environment, so that you also get a nice error message if you're running tests. Now if conditions are met to skip valitaions (test env or env variable) we still make sure the settings _look_ sane, we just skip verifying the paths exists and meet the given conditions.
-
- 07 Mar, 2017 3 commits
-
-
Markus Koller authored
-
Markus Koller authored
-
Markus Koller authored
-
- 03 Mar, 2017 1 commit
-
-
Alejandro Rodríguez authored
This will be necessary when adding gitaly settings. This version doesn't make any functional changes, but allows us to include this breaking change in 9.0 and add the needed extra settings in the future with backwards compatibility
-
- 01 Mar, 2017 1 commit
-
-
Adam Niedzielski authored
This makes sure that Gitlab::Metrics::RackMiddleware is added before Gitlab::EtagCaching::Middleware.
-
- 23 Feb, 2017 1 commit
-
-
Douwe Maan authored
-
- 24 Jan, 2017 1 commit
-
-
Sean McGivern authored
An empty file in one of the instrumented directories will cause the app to fail to start when metrics are enabled. Metrics aren't enabled by default in development or test. We could handle the empty file case explicitly, but a file could still not define the constant it is expected to, so instead run the initializer manually in a spec and check that it succeeds.
-
- 09 Jan, 2017 1 commit
-
-
Adam Niedzielski authored
-
- 03 Aug, 2016 3 commits
-
-
Sean McGivern authored
If an environment variable exists for secret_key_base, use that - always. But don't save it to secrets.yml. Also ensure that we never write to secrets.yml if there's a non-blank value there.
-
Sean McGivern authored
Move the last secret from .secret to config/secrets.yml, and delete .secret if it exists.
-
Sean McGivern authored
.secret stores the secret token used for both encrypting login cookies and for encrypting stored OTP secrets. We can't rotate this, because that would invalidate all existing OTP secrets. If the secret token is present in the .secret file or an environment variable, save it as otp_key_base in secrets.yml. Now .secret can be rotated without invalidating OTP secrets. If the secret token isn't present (initial setup), then just generate a separate otp_key_base and save in secrets.yml. Update the docs to reflect that secrets.yml needs to be retained past upgrades, but .secret doesn't.
-
- 31 Jul, 2016 1 commit
-
-
lookatmike authored
-
- 24 Jul, 2016 1 commit
-
-
Stan Hu authored
Certain reverse proxies can send invalid IP addresses in the X-Forwarded-For header For example, Apache can send (null). Closes #20194
-
- 21 Jul, 2016 2 commits
-
-
Alejandro Rodríguez authored
Storage path are not created until `TestEnv.init`, so we must skip their validation on initialization.
-
Alejandro Rodríguez authored
-
- 01 Jul, 2016 1 commit
-
-
Grzegorz Bizon authored
-
- 30 Jun, 2016 2 commits
-
-
DJ Mountney authored
This allows us to control the trusted proxies while deployed in a private network. Normally Rack::Request will trust all private IPs as trusted proxies, which can caue problems if your users are connection on you network via private IP ranges. Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
-
Alejandro Rodríguez authored
-
- 24 Jun, 2016 1 commit
-
-
Stan Hu authored
-
- 04 May, 2016 1 commit
-
-
DJ Mountney authored
Each test reloads the trusted_proxies initializer, which in turn will set Rails.application.config.action_dispatch.trusted_proxies to something new. This will leak into the other tests, but the middleware that it is used in has already been loaded for the whole test suite, so it should have no impact.
-
- 18 Jan, 2016 1 commit
-
-
Rémy Coutable authored
-