author | Connor Shea <connor.james.shea@gmail.com> | 2016-06-22 16:25:59 -0600 |
---|---|---|
committer | Connor Shea <connor.james.shea@gmail.com> | 2016-06-22 16:25:59 -0600 |
commit | bba1d2de3bc76bf65b4c2ded07e94ab0d7455bfd (patch) | |
tree | 8259256c056dca42e6c6d789932ee62be208e7f5 | |
parent | 97ec04ac9b923ff9eb68ce51a35150d45105adf1 (diff) | |
Add clarifying comment and a Changelog entry.
-rw-r--r-- | CHANGELOG | 1 |
-rw-r--r-- | app/views/layouts/_head.html.haml | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 7179cd13e11..76d9712ce9f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.10.0 (unreleased) - Wrap code blocks on Activies and Todos page. !4783 (winniehell) - Fix MR-auto-close text added to description. !4836 + - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise. v 8.9.0 - Fix builds API response not including commit data diff --git a/app/views/layouts/_head.html.haml b/app/views/layouts/_head.html.haml index be29ed532ee..d5965a6ec99 100644 --- a/app/views/layouts/_head.html.haml +++ b/app/views/layouts/_head.html.haml @@ -30,6 +30,9 @@ = javascript_include_tag "application", integrity: true + -# FIXME: SRI doesn't apply to the dynamically-generated per-page + -# JavaScript due to a bug in sprockets-rails. + -# See https://github.com/rails/sprockets-rails/issues/359 - if page_specific_javascripts = javascript_include_tag page_specific_javascripts, {"data-turbolinks-track" => true} |
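Review bot: The added CHANGELOG line in the v 8.10.0 block states that SRI "prevents malicious assets from loading in the case of a CDN compromise" without qualification, while the FIXME added to `_head.html.haml` in this same commit says SRI does not apply to the per-page JavaScript. Suggest scoping the entry to what is covered, for example by noting that page-specific JavaScript is not yet included. The entry also carries no merge request reference, unlike its neighbours (`!4783`, `!4836`); adding one keeps the changelog traceable.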
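Review bot: The FIXME added above `- if page_specific_javascripts` in `_head.html.haml` names the upstream bug but not the follow-up, so nothing tells a later reader what to change once it is fixed. Suggest extending the comment to say that `integrity: true` should be added to the `javascript_include_tag page_specific_javascripts` call when rails/sprockets-rails issue 359 is resolved. It is also worth saying in the comment that, until then, those scripts are emitted without an integrity attribute, unlike the `javascript_include_tag "application", integrity: true` line just above.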