gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2021-10-20	Add latest changes from gitlab-org/gitlab@14-4-stable-eev14.4.0-rc42	GitLab Bot

2021-08-19	Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42	GitLab Bot

2021-07-20	Add latest changes from gitlab-org/gitlab@14-1-stable-eev14.1.0-rc42	GitLab Bot

2021-06-16	Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42	GitLab Bot

2021-06-07	Add latest changes from gitlab-org/gitlab@13-12-stable-ee	GitLab Bot

2021-05-19	Add latest changes from gitlab-org/gitlab@13-12-stable-eev13.12.0-rc42	GitLab Bot

2019-08-07	Add missing report-uri to CSP config	Stan Hu
	This is supported in Rails 5.2, although it may be deprecated in the future by reports-to.
2019-08-07	Add support for Content-Security-Policy	Stan Hu
	A nonce-based Content-Security-Policy thwarts XSS attacks by allowing inline JavaScript to execute if the script nonce matches the header value. Rails 5.2 supports nonce-based Content-Security-Policy headers, so provide configuration to enable this and make it work. To support this, we need to change all `:javascript` HAML filters to the following form: ``` = javascript_tag nonce: true do :plain ... ``` We use `%script` throughout our HAML to store JSON and other text, but since this doesn't execute, browsers don't appear to block this content from being used and require the nonce value to be present.