delta/gitlab/gitlab-ce.git/config, branch docs-debug-dstanley gitlab.com: gitlab-org/gitlab-ce.git Split MR widget into cached and non-cached serializers 2019-08-09T21:01:55+00:00 Igor idrozdov@gitlab.com 2019-08-09T21:01:55+00:00 b99011af62935de0b15e8a314ffb7df1f8a3f303 Splits auto-refreshing of MR widget into 2 requests: - the one which uses etag-caching and invalidates the fields on change - the one without caching The idea is to gradually move all the fields to etag-cached endpoint 
Splits auto-refreshing of MR widget into 2 requests:

- the one which uses etag-caching and invalidates the fields on change
- the one without caching

The idea is to gradually move all the fields to etag-cached endpoint
Add Gitaly and Rugged call timing in Sidekiq logs 2019-08-09T08:08:32+00:00 Stan Hu stanhu@gmail.com 2019-08-09T04:33:20+00:00 a74396dcc5e372c0b6a23fd47db22ebbeb8386d7 This will help identify Sidekiq jobs that invoke excessive number of filesystem access. The timing data is stored in `RequestStore`, but this is only active within the middleware and is not directly accessible to the Sidekiq logger. However, it is possible for the middleware to modify the job hash to pass this data along to the logger. 
This will help identify Sidekiq jobs that invoke excessive number of
filesystem access.

The timing data is stored in `RequestStore`, but this is only active
within the middleware and is not directly accessible to the Sidekiq
logger. However, it is possible for the middleware to modify the job
hash to pass this data along to the logger.
Merge branch 'filter-title-description-and-body-from-logs' into 'master' 2019-08-08T21:37:10+00:00 Stan Hu stanhu@gmail.com 2019-08-08T21:37:10+00:00 c43375dc87aa04d0a039b8d68bebfee07776cb82 Filter title, description, and body from logs Closes #64460 and #60365 See merge request gitlab-org/gitlab-ce!31274 
Filter title, description, and body from logs

Closes #64460 and #60365

See merge request gitlab-org/gitlab-ce!31274
 Add "Starred projects" tab to user overview 2019-08-07T18:49:14+00:00 Camil Staps info@camilstaps.nl 2019-01-27T10:18:09+00:00 382826855c77986823691d74e1e6b47ad715d652 






Add /starrers view for projects
2019-08-07T18:49:13+00:00

Camil Staps
info@camilstaps.nl

2019-01-25T20:53:00+00:00

59976090b52d401dc4d23b726b2168186524f269












Merge branch 'sh-support-csp-nonce' into 'master'
2019-08-07T05:03:05+00:00

Ash McKenzie
amckenzie@gitlab.com

2019-08-07T05:03:05+00:00

6cafa7002738f33c212b9f72d9b0f66b386c6faf

Add support for Content-Security-Policy

Closes #65330

See merge request gitlab-org/gitlab-ce!31402




Add support for Content-Security-Policy

Closes #65330

See merge request gitlab-org/gitlab-ce!31402






Add support for Content-Security-Policy
2019-08-07T02:37:31+00:00

Stan Hu
stanhu@gmail.com

2019-08-06T06:14:32+00:00

5fbbd3dd6e965f76ecf1767373bddd236a78a4be

A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.





A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.







Remove GC metrics from performance bar
2019-08-06T19:42:46+00:00

Sean McGivern
sean@gitlab.com

2019-08-06T18:05:47+00:00

66963aad70abba7a87512070047244eefefeb563

These were disabled in production mode, but that also broke the rest of
the performance bar. As they were only enabled in development mode, we
can just remove them for now.





These were disabled in production mode, but that also broke the rest of
the performance bar. As they were only enabled in development mode, we
can just remove them for now.







Use Rails 5.2 Redis caching store
2019-08-05T22:52:52+00:00

Stan Hu
stanhu@gmail.com

2019-07-19T20:58:44+00:00

b5771bccc6031c3adbdee31064f1c0c981ab73d4

This is the first step in providing a fault-tolerant and distributed
Redis caching store. We disable compression to avoid introducing a
change that could have an adverse effect in production.

Note that we won't be able to take advantage of the fault-tolerance and
distributed features yet until we solve
https://gitlab.com/gitlab-org/gitlab-ce/issues/64829.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64794





This is the first step in providing a fault-tolerant and distributed
Redis caching store. We disable compression to avoid introducing a
change that could have an adverse effect in production.

Note that we won't be able to take advantage of the fault-tolerance and
distributed features yet until we solve
https://gitlab.com/gitlab-org/gitlab-ce/issues/64829.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64794







Merge branch 'fix-design-management-router-ce' into 'master'
2019-08-05T08:37:32+00:00

Rémy Coutable
remy@rymai.me

2019-08-05T08:37:32+00:00

1ca5e1186d4bfeaa61b065f23419e640e4e52af3

CE Backport for gitlab-ee!14741 (Fix design management router)

See merge request gitlab-org/gitlab-ce!31090




CE Backport for gitlab-ee!14741 (Fix design management router)

See merge request gitlab-org/gitlab-ce!31090