kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
107,268 Commits 1 Branch 0 Tags 899 MiB
Commit Graph

22 Commits

Author SHA1 Message Date
GitLab Bot 16d8ebae46 Add latest changes from gitlab-org/gitlab@master 2021-11-30 21:10:33 +00:00
GitLab Bot 77b8390171 Add latest changes from gitlab-org/gitlab@master 2021-11-24 12:10:21 +00:00
GitLab Bot 11c2b8eff6 Add latest changes from gitlab-org/gitlab@master 2021-11-11 18:14:04 +00:00
GitLab Bot a056c4d05f Add latest changes from gitlab-org/gitlab@master 2021-10-29 09:10:11 +00:00
GitLab Bot 45760607bc Add latest changes from gitlab-org/gitlab@master 2021-10-25 09:12:21 +00:00
GitLab Bot b428f0ed8d Add latest changes from gitlab-org/gitlab@master 2021-10-21 21:14:18 +00:00
GitLab Bot ee2c09733d Add latest changes from gitlab-org/gitlab@master 2021-10-19 18:13:24 +00:00
GitLab Bot 30e5ae4c2b Add latest changes from gitlab-org/gitlab@master 2021-10-06 18:12:19 +00:00
GitLab Bot 79ecd9a748 Add latest changes from gitlab-org/gitlab@master 2021-08-13 21:09:54 +00:00
GitLab Bot e6de69cc2e Add latest changes from gitlab-org/gitlab@master 2021-08-12 03:10:11 +00:00
GitLab Bot caff5659c9 Add latest changes from gitlab-org/gitlab@master 2021-08-10 21:10:06 +00:00
GitLab Bot 7c28a67789 Add latest changes from gitlab-org/gitlab@master 2021-06-30 12:07:58 +00:00
GitLab Bot 4f41b713eb Add latest changes from gitlab-org/gitlab@master 2021-06-03 15:10:01 +00:00
GitLab Bot e5f1831403 Add latest changes from gitlab-org/gitlab@master 2021-06-03 09:10:18 +00:00
GitLab Bot 685084aaf4 Add latest changes from gitlab-org/gitlab@master 2021-06-03 06:10:07 +00:00
GitLab Bot 8c438dd7a6 Add latest changes from gitlab-org/gitlab@master 2021-06-01 12:09:36 +00:00
GitLab Bot c0bc55ffe1 Add latest changes from gitlab-org/gitlab@master 2021-05-25 21:10:26 +00:00
GitLab Bot c33a9adb70 Add latest changes from gitlab-org/gitlab@master 2021-05-11 12:10:20 +00:00
GitLab Bot c59765a50a Add latest changes from gitlab-org/gitlab@master 2020-06-24 18:09:03 +00:00
GitLab Bot a89cb5cbdd Add latest changes from gitlab-org/gitlab@master 2020-02-06 21:08:48 +00:00
Stan Hu d265408c26 Add missing report-uri to CSP config 
This is supported in Rails 5.2, although it may be
deprecated in the future by reports-to.
 2019-08-07 11:21:08 -07:00
Stan Hu 5fbbd3dd6e
Add support for Content-Security-Policy 
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.
 2019-08-07 12:37:31 +10:00