delta/gitlab/gitlab-ce.git/app/views/layouts, branch frozen_string_lib_2 gitlab.com: gitlab-org/gitlab-ce.git Remove inline JS in links 2019-08-20T21:43:04+00:00 Heinrich Lee Yu heinrich@gitlab.com 2019-08-15T07:29:29+00:00 0284917c701acfa5d88a98fef641ab35164ed9a8 Changes these to use unobtrusive JS 
Changes these to use unobtrusive JS
Remove margin from user header buttons 2019-08-20T20:50:59+00:00 Lucy Fox lucy@afox.org 2019-08-20T20:50:59+00:00 289576ccbad15a59cb12fe84afd54ff7b4e43dca 






Migrates Snowplow backend from EE to CE
2019-08-14T19:21:58+00:00

Jeremy Jackson
jjackson@gitlab.com

2019-08-14T19:21:58+00:00

5d9d5e603119c3ae334b0855a63d10d12b2390bd

This introduces several changes, but these are all just ported from the
EE project.





This introduces several changes, but these are all just ported from the
EE project.







Revert "Merge branch '64341-data-and-privacy-agreement-for-gitlab-users' into 'master'"
2019-08-14T17:53:07+00:00

Kushal Pandya
kushalspandya@gmail.com

2019-08-14T17:53:07+00:00

df905b408017e208a15597fb03a684f6a68d5e5f

This reverts merge request !30808





This reverts merge request !30808







Add notification for updated privacy policy
2019-08-14T12:20:36+00:00

Dennis Tang
750946-dennis@users.noreply.gitlab.com

2019-08-14T12:20:36+00:00

e5dd249c4ffb18dc6928e86ae0547b071f33dd72

This adds a notification to let users know of our updated privacy
policy.

Users can dismiss the notification either by following the link or
closing the notification via an "x" icon.





This adds a notification to let users know of our updated privacy
policy.

Users can dismiss the notification either by following the link or
closing the notification via an "x" icon.







Load search result counts asynchronously
2019-08-12T20:01:15+00:00

Markus Koller
mkoller@gitlab.com

2019-07-15T17:59:57+00:00

49c83155ccb78284b17a9ffa47583ddace5dbd01

Querying all counts for the different search results in the same request
led to timeouts, so we now only calculate the count for the *current*
search results, and request the others in separate asynchronous calls.





Querying all counts for the different search results in the same request
led to timeouts, so we now only calculate the count for the *current*
search results, and request the others in separate asynchronous calls.







Merge branch 'sh-support-csp-nonce' into 'master'
2019-08-07T05:03:05+00:00

Ash McKenzie
amckenzie@gitlab.com

2019-08-07T05:03:05+00:00

6cafa7002738f33c212b9f72d9b0f66b386c6faf

Add support for Content-Security-Policy

Closes #65330

See merge request gitlab-org/gitlab-ce!31402




Add support for Content-Security-Policy

Closes #65330

See merge request gitlab-org/gitlab-ce!31402






Add support for Content-Security-Policy
2019-08-07T02:37:31+00:00

Stan Hu
stanhu@gmail.com

2019-08-06T06:14:32+00:00

5fbbd3dd6e965f76ecf1767373bddd236a78a4be

A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.





A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.







Add top navigation analytics link
2019-08-06T06:13:13+00:00

Luke Bennett
lbennett@gitlab.com

2019-07-03T18:29:17+00:00

941f2e36ee3947f6a695698331bcedd6e5e4e29e












Removed pendo poc code
2019-07-30T18:59:38+00:00

Donald Cook
dcook@gitlab.com

2019-07-30T18:59:38+00:00

59a13560b337b3871d46aef460f47f05888813be