delta/gitlab/gitlab-ce.git/app/controllers/graphql_controller.rb, branch frozen_string_lib_2 gitlab.com: gitlab-org/gitlab-ce.git Propagate argument errors as execution errors 2019-07-30T15:12:24+00:00 Alex Kalderimis alex.kalderimis@gmail.com 2019-07-29T18:36:35+00:00 8a1fc36e1d3df359c7ab87a5d3b40cf35b2a8604 






Remove `:graphql` feature flag
2019-07-09T12:45:23+00:00

charlie ablett
cablett@gitlab.com

2019-07-09T12:45:23+00:00

639ab5214cb569dce70080020e3181946e5d3bf1

- Remove `FeatureConstrainer` call wrapping api endpoint
- Remove `Feature.enabled?(:graphql)` conditionals in back and frontend
- Modify graphql test to be graphql flag agnostic
- Remove api routing spec
- Remove frontend feature flag via `gon`





- Remove `FeatureConstrainer` call wrapping api endpoint
- Remove `Feature.enabled?(:graphql)` conditionals in back and frontend
- Modify graphql test to be graphql flag agnostic
- Remove api routing spec
- Remove frontend feature flag via `gon`







Enable GraphQL batch requests
2019-05-29T09:31:16+00:00

Phil Hughes
me@iamphill.com

2019-05-28T13:41:57+00:00

301a7d32b40128d388aa42b487de367c1cdbc1cd












Enables GraphQL batch requests
2019-05-28T08:22:02+00:00

Phil Hughes
me@iamphill.com

2019-05-09T09:27:07+00:00

11f85ae8c3b8ec5d864edd079e7c420a49cae72e

Enabling GraphQL batch requests allows for multiple queries
to be sent in 1 request reducing the amount of requests
we send to the server.

Responses come come back in the same order as the queries were
provided.





Enabling GraphQL batch requests allows for multiple queries
to be sent in 1 request reducing the amount of requests
we send to the server.

Responses come come back in the same order as the queries were
provided.







Add API access check to Graphql
2019-03-27T14:59:02+00:00

Felipe Artur
fcardozo@gitlab.com

2019-03-27T14:59:02+00:00

73b553a42a1dec7bd38e0aeeb5514c2a566a98c9

Check if user can access API on GraphqlController





Check if user can access API on GraphqlController







Allow GraphQL requests without CSRF token
2019-03-06T14:38:00+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2019-03-03T12:53:03+00:00

b623932eb303921a721244c707f145e1baf29da0

With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.





With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.







Enable GraphQL API endpoint
2018-12-13T10:12:13+00:00

Phil Hughes
me@iamphill.com

2018-12-13T10:12:13+00:00

744f6ed12bf1ce543b4c903d27cfd8362e91795d












Remove issue_suggestions feature flag
2018-12-13T09:43:36+00:00

Phil Hughes
me@iamphill.com

2018-12-11T11:34:56+00:00

2bb468d6b91e164eb8144877015961fe40b2709f

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55166





Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55166







Merge branch 'security-fix-pat-web-access' into 'master'
2018-11-29T00:13:59+00:00

Cindy Pallares
cindy@gitlab.com

2018-11-28T19:06:02+00:00

fe5f75930e781ef854b458fafa307ebb90a8ed2e

[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583




[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583






Enable frozen string in app/controllers/**/*.rb
2018-09-19T04:22:45+00:00

gfyoung
gfyoung17@gmail.com

2018-09-14T05:42:05+00:00

73322a0e551bbbc42d429b15e7ad9fd375ab761d

Enables frozen string for the following:

* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb

Partially addresses #47424.





Enables frozen string for the following:

* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb

Partially addresses #47424.