diff options
author | Connor Shea <connor.james.shea@gmail.com> | 2016-06-27 07:47:33 -0600 |
---|---|---|
committer | Connor Shea <connor.james.shea@gmail.com> | 2016-06-27 07:47:33 -0600 |
commit | 47b9b162c7df91fda0bb47d4c83f0fe4681e055b (patch) | |
tree | 8da724237ee64f0b9a29f4c00d4f878fc5cf526b | |
parent | 0115ab7f403e7b25a7e66c3f4c309ddd5f37d657 (diff) | |
download | gitlab-ce-revert-sri.tar.gz |
Revert Subresource Integrity pending a fix for Firefox's incorrect hashing implementation.revert-sri
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/helpers/javascript_helper.rb | 2 | ||||
-rw-r--r-- | app/views/layouts/_head.html.haml | 6 |
3 files changed, 4 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index 4a8188ea060..ef027eff045 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -7,7 +7,6 @@ v 8.10.0 (unreleased) - Fix MR-auto-close text added to description. !4836 - Fix pagination when sorting by columns with lots of ties (like priority) - Exclude email check from the standard health check - - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise. - Fix changing issue state columns in milestone view - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt) - Add API endpoint for a group issues !4520 (mahcsig) diff --git a/app/helpers/javascript_helper.rb b/app/helpers/javascript_helper.rb index 5109356941d..0e456214d37 100644 --- a/app/helpers/javascript_helper.rb +++ b/app/helpers/javascript_helper.rb @@ -1,5 +1,5 @@ module JavascriptHelper def page_specific_javascript_tag(js) - javascript_include_tag asset_path(js), { integrity: true, "data-turbolinks-track" => true } + javascript_include_tag asset_path(js), { "data-turbolinks-track" => true } end end diff --git a/app/views/layouts/_head.html.haml b/app/views/layouts/_head.html.haml index 2d020e9c222..757de92d6d4 100644 --- a/app/views/layouts/_head.html.haml +++ b/app/views/layouts/_head.html.haml @@ -25,10 +25,10 @@ = favicon_link_tag 'favicon.ico' - = stylesheet_link_tag "application", media: "all", integrity: true - = stylesheet_link_tag "print", media: "print", integrity: true + = stylesheet_link_tag "application", media: "all" + = stylesheet_link_tag "print", media: "print" - = javascript_include_tag "application", integrity: true + = javascript_include_tag "application" - if content_for?(:page_specific_javascripts) = yield :page_specific_javascripts |