GitLab Bot
16d8ebae46
Add latest changes from gitlab-org/gitlab@master
2021-11-30 21:10:33 +00:00
GitLab Bot
77b8390171
Add latest changes from gitlab-org/gitlab@master
2021-11-24 12:10:21 +00:00
GitLab Bot
11c2b8eff6
Add latest changes from gitlab-org/gitlab@master
2021-11-11 18:14:04 +00:00
GitLab Bot
a056c4d05f
Add latest changes from gitlab-org/gitlab@master
2021-10-29 09:10:11 +00:00
GitLab Bot
45760607bc
Add latest changes from gitlab-org/gitlab@master
2021-10-25 09:12:21 +00:00
GitLab Bot
b428f0ed8d
Add latest changes from gitlab-org/gitlab@master
2021-10-21 21:14:18 +00:00
GitLab Bot
ee2c09733d
Add latest changes from gitlab-org/gitlab@master
2021-10-19 18:13:24 +00:00
GitLab Bot
30e5ae4c2b
Add latest changes from gitlab-org/gitlab@master
2021-10-06 18:12:19 +00:00
GitLab Bot
79ecd9a748
Add latest changes from gitlab-org/gitlab@master
2021-08-13 21:09:54 +00:00
GitLab Bot
e6de69cc2e
Add latest changes from gitlab-org/gitlab@master
2021-08-12 03:10:11 +00:00
GitLab Bot
caff5659c9
Add latest changes from gitlab-org/gitlab@master
2021-08-10 21:10:06 +00:00
GitLab Bot
7c28a67789
Add latest changes from gitlab-org/gitlab@master
2021-06-30 12:07:58 +00:00
GitLab Bot
4f41b713eb
Add latest changes from gitlab-org/gitlab@master
2021-06-03 15:10:01 +00:00
GitLab Bot
e5f1831403
Add latest changes from gitlab-org/gitlab@master
2021-06-03 09:10:18 +00:00
GitLab Bot
685084aaf4
Add latest changes from gitlab-org/gitlab@master
2021-06-03 06:10:07 +00:00
GitLab Bot
8c438dd7a6
Add latest changes from gitlab-org/gitlab@master
2021-06-01 12:09:36 +00:00
GitLab Bot
c0bc55ffe1
Add latest changes from gitlab-org/gitlab@master
2021-05-25 21:10:26 +00:00
GitLab Bot
c33a9adb70
Add latest changes from gitlab-org/gitlab@master
2021-05-11 12:10:20 +00:00
GitLab Bot
c59765a50a
Add latest changes from gitlab-org/gitlab@master
2020-06-24 18:09:03 +00:00
GitLab Bot
a89cb5cbdd
Add latest changes from gitlab-org/gitlab@master
2020-02-06 21:08:48 +00:00
Stan Hu
d265408c26
Add missing report-uri to CSP config
This is supported in Rails 5.2, although it may be
deprecated in the future by reports-to.
2019-08-07 11:21:08 -07:00
Stan Hu
5fbbd3dd6e
Add support for Content-Security-Policy
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.
To support this, we need to change all `:javascript` HAML filters to the
following form:
```
= javascript_tag nonce: true do
  :plain
    ...
```
We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.
2019-08-07 12:37:31 +10:00
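The nonce check described in the commit message above, as an added example that is not part of the commit or of GitLab's code. It uses a simplified model of the browser's decision (nonce sources only; hashes, `'unsafe-inline'` and `'strict-dynamic'` are ignored), and the `'self'` source, the `/csp-report` endpoint and all function names are assumptions made for illustration.

```ruby
require "securerandom"

# Constructed sample page: an inline script carrying the nonce, an injected
# inline script without one, and a JSON data block of the kind a HAML
# `%script` tag with a non-JavaScript type renders to.
def sample_page(nonce)
  <<~HTML
    <script nonce="#{nonce}">window.boot = true;</script>
    <script>alert(1)</script>
    <script type="application/json" id="js-data">{"a":1}</script>
  HTML
end

# Header value for one response: a fresh nonce plus a violation report endpoint.
def csp_header(nonce, report_uri)
  "script-src 'self' 'nonce-#{nonce}'; report-uri #{report_uri}"
end

# Script types treated as executable JavaScript in this simplified model.
JS_TYPES = [nil, "", "text/javascript", "module"].freeze

# Returns [body, verdict] for each inline <script> element in the page.
def classify_inline_scripts(html, header)
  allowed = header.scan(/'nonce-([^']+)'/).flatten
  html.scan(/<script([^>]*)>(.*?)<\/script>/m).map do |attrs, body|
    type  = attrs[/type="([^"]*)"/, 1]
    nonce = attrs[/nonce="([^"]*)"/, 1]
    verdict =
      if !JS_TYPES.include?(type)
        :data_block # never executed, so the nonce is not consulted
      elsif nonce && allowed.include?(nonce)
        :executes   # nonce attribute matches the header value
      else
        :blocked    # inline script with a missing or stale nonce
      end
    [body, verdict]
  end
end

if $PROGRAM_NAME == __FILE__
  nonce  = SecureRandom.base64(16) # must be regenerated for every response
  header = csp_header(nonce, "/csp-report")
  puts "Content-Security-Policy: #{header}"
  classify_inline_scripts(sample_page(nonce), header).each do |body, verdict|
    puts format("%-11s %s", verdict, body)
  end
end
```
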