This prevents compromised or malicious CDNs from modifying assets. The hash provided by Rails is compared to the hash of the asset the browser has downloaded. The browser will refuse to execute/parse the assets if the hashes don't match. SRI is currently implemented in Firefox, Chrome, and Opera. More information is available in #18230 and on MDN: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity This doesn't apply to the dynamically-generated per-page JavaScript due to a bug in sprockets-rails (https://github.com/rails/sprockets-rails/issues/359).
Hide nav arrows by default ## What does this MR do? - Fixes the arrow icon flashing on page load - Removes settings dropdown at higher breakpoint - Removes unneeded CSS Closes #18941 ## Screenshots (if relevant) Arrow flashing bug:  Settings dropdown breaking nav: <img src="/uploads/4351035f4cf8cb9fd892b621e6339e50/Screen_Shot_2016-06-21_at_4.25.50_PM.png" width="800px"> @alfredo1 would you mind double checking this to make sure the arrow flashing is definitely not happening? See merge request !4843
fix import/export error typo Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18948 See merge request !4847
Fix Network graph links.
## What does this MR do?
Fixes the Network graph links so they no longer link to `/master#{escape_javascript(@commit_url)}`
## Are there points in the code the reviewer needs to double check?
Don't think so.
## Why was this MR needed?
Single quotes don't evaluate Ruby expressions.
## What are the relevant issue numbers?
Fixes #18894.
cc: @jschatz1
See merge request !4832
Display group/project access requesters separately in admin ## What does this MR do? It displays the access requesters in a separate list in group & project members pages. It also harmonize the members counter UI to use `%span.badge` everywhere (in the admin & non-admin members views). ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? To not confuse access requesters with actual members. ## What are the relevant issue numbers? Closes #18871. ## Screenshots ### Group members | Before | After | | --------- | ---- | |  |  | ### Project members | Before | After | | --------- | ---- | |  |  | ### Admin group members | Before | After | | --------- | ---- | |  |  | ### Admin project members | Before | After | | --------- | ---- | |  |  | ## Does this MR meet the acceptance criteria? - [x] No CHANGELOG since this is related to the original "request access" MR. - [ ] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4798
Resolve "Destroying a project causes post_decline_request to be executed" ## What does this MR do? Ensure we don't send "access request declined" to access requesters when a project is deleted. ## Are there points in the code the reviewer needs to double check? I've created a service to decouple the notification sending from the AR model. ## Why was this MR needed? Because there was an issue. ## What are the relevant issue numbers? Fixes #18755, #18750. ## Does this MR meet the acceptance criteria? - [x] No CHANGELOG needed. - [x] Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4744