- 22 Jun, 2016 2 commits
-
-
Connor Shea authored
-
Connor Shea authored
This prevents compromised or malicious CDNs from modifying assets. The hash provided by Rails is compared to the hash of the asset the browser has downloaded. The browser will refuse to execute/parse the assets if the hashes don't match. SRI is currently implemented in Firefox, Chrome, and Opera. More information is available in #18230 and on MDN: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity This doesn't apply to the dynamically-generated per-page JavaScript due to a bug in sprockets-rails (https://github.com/rails/sprockets-rails/issues/359).
-
- 06 Jun, 2016 1 commit
-
-
Timothy Andrew authored
- Turbolinks caches the `head`, so `gon` updates don't show up unless the user navigates to page directly (by URL) or performs a refresh. - The solution is to render `gon` in the body instead. - Also update the syntax to the new Rails 4 (according to the gon README) syntax.
-
- 03 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 3e991230.
-
James Lopez authored
# Conflicts: # app/models/project.rb
-
- 02 Jun, 2016 1 commit
-
-
Connor Shea authored
-
- 18 Feb, 2016 1 commit
-
-
Robert Speicher authored
See http://apple.co/1SCRzrw Closes #13540 [ci skip]
-
- 06 Jan, 2016 1 commit
-
-
Douwe Maan authored
-
- 01 Jan, 2016 1 commit
-
-
Robert Speicher authored
While Safari supports the policy, it does not (currently, as of 9.x) recognize `origin-when-cross-origin` as a valid value, so we omit the policy entirely under Safari. Closes #5609
-
- 25 Dec, 2015 4 commits
-
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
- 24 Dec, 2015 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
-
- 23 Dec, 2015 2 commits
-
-
Robert Speicher authored
A limited number of pages have defined their own descriptions, but otherwise we default to the Project's description (if `@project` is set), or the old `brand_title` fallback. The image will either be the uploaded project icon (never a generated one), the user's uploaded icon or Gravatar, or, finally, the GitLab logo.
-
Robert Speicher authored
-
- 03 Oct, 2015 1 commit
-
-
Geoffrey Challen authored
-
- 08 Sep, 2015 1 commit
-
-
Patricio Cano authored
Added meta tag for referrer, so that only the origin is sent to third party sites, instead of the entire URL, thus avoiding the leak of sensitive information like password reset tokens.
-
- 06 Aug, 2015 1 commit
-
-
Douwe Maan authored
-
- 10 Jul, 2015 1 commit
-
-
Robert Speicher authored
-
- 09 Jul, 2015 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
-
- 09 Jun, 2015 1 commit
-
-
Douwe Maan authored
-
- 05 Jun, 2015 1 commit
-
-
Douwe Maan authored
-
- 30 Apr, 2015 1 commit
-
-
Douwe Maan authored
-
- 26 Apr, 2015 1 commit
-
-
Sullivan SENECHAL authored
-
- 23 Apr, 2015 1 commit
-
-
Douwe Maan authored
-
- 20 Apr, 2015 1 commit
-
-
Robert Speicher authored
-
- 01 Apr, 2015 1 commit
-
-
Sullivan SENECHAL authored
-
- 03 Mar, 2015 2 commits
-
-
Douwe Maan authored
-
Douwe Maan authored
Revert "Merge branch 'go-get-workaround-nginx' of https://github.com/mattes/gitlabhq into mattes-go-get-workaround-nginx" This reverts commit 51349ca3, reversing changes made to b180476b.
-
- 14 Feb, 2015 1 commit
-
-
Vinnie Okada authored
Make the following changes to deal with new behavior in Rails 4.1.2: * Use nested resources to avoid slashes in arguments to path helpers.
-
- 09 Feb, 2015 1 commit
-
-
Douwe Maan authored
-
- 13 Jan, 2015 1 commit
-
-
Sheigutn authored
-
- 01 Jan, 2015 1 commit
-
-
mattes authored
-
- 01 Oct, 2014 1 commit
-
-
Ciro Santilli authored
-
- 26 Jun, 2014 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 18 Jun, 2014 1 commit
-
-
Sytse Sijbrandij authored
-
- 25 Mar, 2014 1 commit
-
-
George Dewar authored
-