| Age | Commit message (Collapse) | Author |
|---|
|
Resolve "Multi selection for delete on registry page"
Closes #24705
See merge request gitlab-org/gitlab-ce!30837
|
|
Remove duplicate -/users/terms routes
See merge request gitlab-org/gitlab-ce!31812
|
|
CE-specific changes for:
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15129
Co-Authored-By: Alex Kalderimis <akalderimis@gitlab.com>
Co-Authored-By: Luke Duncalfe <lduncalfe@eml.cc>
|
|
'46548-open-source-alternative-to-recaptcha-for-gitlab-com-registration' into 'master'
Open source alternative to reCAPTCHA for GitLab.com registration
See merge request gitlab-org/gitlab-ce!31625
|
|
Elasticsearch versioned schema for Snippet
See merge request gitlab-org/gitlab-ce!31465
|
|
|
|
|
|
Remove concerns from eager load paths
See merge request gitlab-org/gitlab-ce!31649
|
|
'63942-remove-config-action_dispatch-use_authenticated_cookie_encryption-configuration' into 'master'
Remove `config.action_dispatch.use_authenticated_cookie_encryption` configuration
Closes #63942
See merge request gitlab-org/gitlab-ce!31463
|
|
Old cookies are still valid and are automatically
upgraded by Rails
|
|
Querying all counts for the different search results in the same request
led to timeouts, so we now only calculate the count for the *current*
search results, and request the others in separate asynchronous calls.
|
|
When we hit our app with the initial request, in `warmup`,
some metrics already being created as well as corresponding files.
If we do `multiproc_file_dir` cleanup after that, we delete the files
from the dir while keeping them in memory which leads to the incorrect
behavior: the metric is being updated in in-memory, while is not present
in the db, not sent to Prometheus as the result.
|
|
|
|
With a time treshold of 4 seconds
and a firstname and lastname honeypot
input fields when signing up
|
|
Splits auto-refreshing of MR widget into 2 requests:
- the one which uses etag-caching and invalidates the fields on change
- the one without caching
The idea is to gradually move all the fields to etag-cached endpoint
|
|
This will help identify Sidekiq jobs that invoke excessive number of
filesystem access.
The timing data is stored in `RequestStore`, but this is only active
within the middleware and is not directly accessible to the Sidekiq
logger. However, it is possible for the middleware to modify the job
hash to pass this data along to the logger.
|
|
Filter title, description, and body from logs
Closes #64460 and #60365
See merge request gitlab-org/gitlab-ce!31274
|
|
|
|
to 30 days
|
|
|
|
|
|
Add support for Content-Security-Policy
Closes #65330
See merge request gitlab-org/gitlab-ce!31402
|
|
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.
To support this, we need to change all `:javascript` HAML filters to the
following form:
```
= javascript_tag nonce: true do
:plain
...
```
We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.
|
|
These were disabled in production mode, but that also broke the rest of
the performance bar. As they were only enabled in development mode, we
can just remove them for now.
|
|
This is the first step in providing a fault-tolerant and distributed
Redis caching store. We disable compression to avoid introducing a
change that could have an adverse effect in production.
Note that we won't be able to take advantage of the fault-tolerance and
distributed features yet until we solve
https://gitlab.com/gitlab-org/gitlab-ce/issues/64829.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/64794
|
|
CE Backport for gitlab-ee!14741 (Fix design management router)
See merge request gitlab-org/gitlab-ce!31090
|
|
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14741
|
|
This reverts merge request !31379
|
|
Support X_if_ee methods for QA tests
See merge request gitlab-org/gitlab-ce!31379
|
|
Previously, both InfluxSampler and RubySampler were relying on the
`GC::Profiler.total_time` data which is the sum over the list
of captured GC events. Also, both samplers asynchronously called
`GC::Profiler.clear` which led to incorrect metric data because
each sampler has the wrong assumption it is the only object who calls
`GC::Profiler.clear` and thus could rely on the gathered results between
such calls.
We should ensure that `GC::Profiler.total_time` is called only in one
place making it possible to rely on accumulated data between such wipes.
Also, we need to track the amount of profiler reports we lost.
|
|
Introducing Docker Registry replication
|
|
For the QA tests to use the new injection methods, we must require the
initializer and ensure that the "constantize" method is available.
|
|
- After uninstalling the knative helm chart it's necessary to also
remove some leftover resources to allow the cluster to be clean
and knative to be reinstalleable.
- Adds knative uninstall disclaimer
- Uninstall ksvc before uninstalling knative
Make list of Knative and Ingres resources explicit
- To avoid deleting unwanted resources we are listing exact
which resources will be deleted rather than simply deleting any
resource that contains istio or knative words.
|
|
Add method to store session ids by ip
Add new specs for storing session ids
Add cleaning up records after login
Add retrieving anonymous sessions
Add login recaptcha setting
Add new setting to sessions controller
Add conditions for showing captcha
Add sessions controller specs
Add admin settings specs for login protection
Add new settings to api
Add stub to devise spec
Add new translation key
Add cr remarks
Rename class call
Add cr remarks
Change if-clause for consistency
Add cr remarks
Add code review remarks
Refactor AnonymousSession class
Add changelog entry
Move AnonymousSession class to lib
Move store unauthenticated sessions to sessions controller
Move link to recaptcha info
Regenerate text file
Improve copy on the spam page
Change action filter for storing anonymous sessions
Fix rubocop offences
Add code review remarks
|
|
Use file-loader for sprite icons within icon.vue
See merge request gitlab-org/gitlab-ce!31257
|
|
|
|
This adds the methods prepend_if_ee, extend_if_ee, and include_if_ee
that can be used to inject EE specific modules in EE.
These methods are exposed as an initializer that is loaded as soon as
possible. For tests that use fast_spec_helper.rb we must load this
initializer manually, as the Rails environment is not loaded. This is
not the most pretty setup, but unfortunately there is no alternative
that we can use.
|
|
These can contain sensitive content.
|
|
1. The output isn't great. It can be hard to find hotspots and, even
when you do find them, to find why those are hotspots.
2. It uses some jQuery-specific frontend code which we can remove now
that we don't have this any more.
3. It's only possible to profile the initial request, not any subsequent
AJAX requests.
|
|
|
|
|
|
Make pdf.js render CJK characters
Closes #62152
See merge request gitlab-org/gitlab-ce!31220
|
|
|
|
Replace peek-pg with our own implementation
Closes #44441
See merge request gitlab-org/gitlab-ce!31187
|
|
This adds diirect monitoring for sidekiq metrics. This is done via
sidekiq middleware and a sampler to pull from sidekiqs api.
|
|
As mentioned in
https://github.com/wojtekmaj/react-pdf/blob/master/README.md,
pdf.js needs the bundled cMaps files to work.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62152
|
|
Redirect project.wiki.git to project wiki home
See merge request gitlab-org/gitlab-ce!31085
|
|
This MR updates the y_label values and the label
values in common_metrics and cluster_metrics to
append the units of measurement to the labels.
|
|
Do not allow localhost url redirection in GitHub Integration
See merge request gitlab/gitlabhq!3188
|
|
Drop feature to take ownership of a trigger token
Closes #2868
See merge request gitlab/gitlabhq!3198
|
