Revert Subresource Integrity pending a fix for Firefox's incorrect hashing implementation.

2016-06-27 07:47:33 -06:00 · 2016-06-27 07:47:33 -06:00 · 47b9b162c7
parent 0115ab7f40
commit 47b9b162c7
3 changed files with 4 additions and 5 deletions
--- a/1
+++ b/1
@ -7,7 +7,6 @@ v 8.10.0 (unreleased)
  - Fix MR-auto-close text added to description. !4836
  - Fix pagination when sorting by columns with lots of ties (like priority)
  - Exclude email check from the standard health check
-  - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise.
  - Fix changing issue state columns in milestone view
  - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt)
  - Add API endpoint for a group issues !4520 (mahcsig)
--- a/app/helpers/javascript_helper.rb
+++ b/app/helpers/javascript_helper.rb
@ -1,5 +1,5 @@
 module JavascriptHelper
  def page_specific_javascript_tag(js)
-    javascript_include_tag asset_path(js), { integrity: true, "data-turbolinks-track" => true }
+    javascript_include_tag asset_path(js), { "data-turbolinks-track" => true }
  end
 end
--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
@ -25,10 +25,10 @@

  = favicon_link_tag 'favicon.ico'

-  = stylesheet_link_tag "application", media: "all", integrity: true
-  = stylesheet_link_tag "print",       media: "print", integrity: true
+  = stylesheet_link_tag "application", media: "all"
+  = stylesheet_link_tag "print",       media: "print"

-  = javascript_include_tag "application", integrity: true
+  = javascript_include_tag "application"

  - if content_for?(:page_specific_javascripts)
    = yield :page_specific_javascripts