- 03 Mar, 2017 3 commits
-
-
Mike Greiling authored
-
Mike Greiling authored
-
Mike Greiling authored
-
- 15 Feb, 2017 1 commit
-
-
Simon Knox authored
-
- 02 Feb, 2017 2 commits
-
-
Bryce Johnson authored
-
Bryce Johnson authored
-
- 10 Jan, 2017 1 commit
-
-
Mike Greiling authored
-
- 06 Jan, 2017 2 commits
-
-
Mike Greiling authored
-
Mike Greiling authored
Add the following line to GDK Procfile to play with it: webpack: exec support/exec-cd gitlab npm run dev-server
-
- 31 Dec, 2016 1 commit
-
-
Kushal Pandya authored
-
- 25 Nov, 2016 1 commit
-
-
Yorick Peterse authored
With events no longer being cached this is no longer needed.
-
- 27 Jun, 2016 1 commit
-
-
Connor Shea authored
-
- 23 Jun, 2016 2 commits
-
-
Connor Shea authored
-
Connor Shea authored
This makes larger libraries more cacheable and will allow us to use SRI with the dynamically included libraries.
-
- 22 Jun, 2016 2 commits
-
-
Connor Shea authored
-
Connor Shea authored
This prevents compromised or malicious CDNs from modifying assets. The hash provided by Rails is compared to the hash of the asset the browser has downloaded. The browser will refuse to execute/parse the assets if the hashes don't match. SRI is currently implemented in Firefox, Chrome, and Opera. More information is available in #18230 and on MDN: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity This doesn't apply to the dynamically-generated per-page JavaScript due to a bug in sprockets-rails (https://github.com/rails/sprockets-rails/issues/359).
-
- 06 Jun, 2016 1 commit
-
-
Timothy Andrew authored
- Turbolinks caches the `head`, so `gon` updates don't show up unless the user navigates to page directly (by URL) or performs a refresh. - The solution is to render `gon` in the body instead. - Also update the syntax to the new Rails 4 (according to the gon README) syntax.
-
- 03 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 3e991230.
-
James Lopez authored
# Conflicts: # app/models/project.rb
-
- 02 Jun, 2016 1 commit
-
-
Connor Shea authored
-
- 18 Feb, 2016 1 commit
-
-
Robert Speicher authored
See http://apple.co/1SCRzrw Closes #13540 [ci skip]
-
- 06 Jan, 2016 1 commit
-
-
Douwe Maan authored
-
- 01 Jan, 2016 1 commit
-
-
Robert Speicher authored
While Safari supports the policy, it does not (currently, as of 9.x) recognize `origin-when-cross-origin` as a valid value, so we omit the policy entirely under Safari. Closes #5609
-
- 25 Dec, 2015 4 commits
-
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
- 24 Dec, 2015 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
-
- 23 Dec, 2015 2 commits
-
-
Robert Speicher authored
A limited number of pages have defined their own descriptions, but otherwise we default to the Project's description (if `@project` is set), or the old `brand_title` fallback. The image will either be the uploaded project icon (never a generated one), the user's uploaded icon or Gravatar, or, finally, the GitLab logo.
-
Robert Speicher authored
-
- 03 Oct, 2015 1 commit
-
-
Geoffrey Challen authored
-
- 08 Sep, 2015 1 commit
-
-
Patricio Cano authored
Added meta tag for referrer, so that only the origin is sent to third party sites, instead of the entire URL, thus avoiding the leak of sensitive information like password reset tokens.
-
- 06 Aug, 2015 1 commit
-
-
Douwe Maan authored
-
- 10 Jul, 2015 1 commit
-
-
Robert Speicher authored
-
- 09 Jul, 2015 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
-
- 09 Jun, 2015 1 commit
-
-
Douwe Maan authored
-
- 05 Jun, 2015 1 commit
-
-
Douwe Maan authored
-
- 30 Apr, 2015 1 commit
-
-
Douwe Maan authored
-