gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2023-05-08	Upgrade golangci-lint to v1.52.2 on CI	Jaime Martinez

2023-04-12	Update golangci-lint tool	Kassio Borges

2023-01-19	Refactor auth constructor to use options struct	Naman Jagdish Gala

2022-12-28	Merge branch 'master' into 'security-arbitrary-protocol-redirection'	Naman Jagdish Gala
	# Conflicts: # internal/auth/auth_test.go
2022-12-28	Reduce race condition on pages authentication	Kassio Borges

2022-11-29	Restrict arbitrary protocol redirection to only https or http URLs	ngala
	This commit restricts arbitrary protocol redirection to only https or http URLs and introduces nolint: gocyclo for auth.handleProxyingAuth method. Changelog: security
2022-11-03	Add auth-cookie-session-timeout flag	Kassio Borges
	Related to: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/806 Changelog: added
2022-06-28	Improve consistency of log fields	feistel

2022-06-01	Add comment about https redirect in authorization middleware	feistel

2022-06-01	Add missing newline	Jaime Martinez

2022-05-22	Reduce lookup path requests in the handler pipeline	feistel

2022-05-02	Add nolintlint linter configuration	feistel
	Require an explanation for nolint rules and warn about unused rules
2022-04-08	chore: move check outside of fetching token function	Jaime Martinez

2022-04-08	fix: handle context canceled gracefully for auth and artifacts	Jaime Martinez
	Changelog: changed
2022-04-06	Add comment details for nonce size	Vishal Tak

2022-04-06	Update nonce to make it of standard size	Vishal Tak
	Changelog: changed
2022-04-05	Merge branch 'refactor/specialized-require' into 'master'	Jaime Martinez
	test: replace require.Equal with specialized assertions See merge request gitlab-org/gitlab-pages!685
2022-03-24	fix: validate that session was issued on the same host	Vladimir Shushlin
	Currently, sessions are valid across all domains. And our auth tokens are also valid for all pages projects user has access to. This means that cookie from one website can be reused on the another. Attackers can steal cookies in many different ways. The easiest way would be to setup a validated custom domain, then proxy all requests to pages server, but log the cookies. Once you have a cookie for attackers domain, you can reuse it on any other pages domain the target user has access to. This commit saves current domain in the session and validates it when reading the session. Changelog: security
2022-03-15	feat: allow auth http.Client timeout to be configurable	Osman İlge Ünaldı
	Changelog: added
2022-03-11	Add correlation_id to all exception captures	Kassio Borges

2022-02-24	test: replace require.Equal with specialized assertions	feistel

2022-02-18	refactor: use testhelpers.Close()	yigithankardas

2022-02-04	Merge branch 'test/move-mocks' into 'master'	Vladimir Shushlin
	test: move mocks to their own package See merge request gitlab-org/gitlab-pages!671
2022-01-31	fix: ensure logging status codes field names are consistent	Stan Hu
	LabKit logs all HTTP responses with a `status` field of an integer. We ensure that all errors now use this convention and store the full status text as `status_text`. This is needed to enusre Elasticsearch doesn't drop logs due to mapping conflicts. Changelog: fixed
2022-01-26	test: move mocks to their own package	feistel

2022-01-24	lint: fix gci issues	feistel

2021-12-08	Merge branch 'remove-unused-ctx' into 'master'	Jaime Martinez
	refactor: enable unparam in .gitlabci.yml See merge request gitlab-org/gitlab-pages!631
2021-12-07	refactor: enable unparam in .golangci.yml	Vladimir Shushlin
	and fix offences
2021-12-07	chore: upgrade to labkit 1.11.0	Jaime Martinez
	And report stack trace with error tracking to Sentry. Changelog: other
2021-11-22	chore(auth): add unit tests for domainAllowed	Markus Legner

2021-11-22	fix(auth): check suffix correctly in domainAllowed	Markus Legner
	Changelog: fixed
2021-11-19	Merge branch 'joernchen-master-patch-26405' into 'master'	Jaime Martinez
	Escape user supplied code before inserting as a POST parameter See merge request gitlab-org/gitlab-pages!620
2021-11-19	Escape user supplied code before inserting as a POST parameter	Joern Schneeweisz

2021-11-17	test: stop calling mockController.Finish directly	feistel
	This is handled by mockgen 1.5.0+
2021-10-26	refactor: rename imported domain packages	Vladimir Shushlin

2021-10-25	refactor: remove domain from request	Jaime Martinez

2021-10-01	Merge branch 'fix/source-mock' into 'master'	Alessio Caiazza
	test: update source mock to use mockgen Closes #277 See merge request gitlab-org/gitlab-pages!525
2021-10-01	test: simplify assertion	feistel
	replace require.Equal with require.False/True
2021-09-29	docs: update middlewares method doc for signature change	Jaime Martinez

2021-09-28	refactor: move acl to auth package and update function signature	feistel

2021-09-16	refactor: move middlewares to corresponding packages	feistel

2021-09-09	test: update source mock to use mockgen	feistel

2021-09-09	refactor: move away from ioutil (deprecated)	feistel

2021-09-02	refactor: replace magic numbers with http status codes	feistel

2021-08-19	test: fix response body not being closed	feistel
	nolint is added when the body is nil or if the body can't be closed
2021-08-10	Merge branch 'fix/no-ctx' into 'master'	Jaime Martinez
	fix: propagate context to sub requests See merge request gitlab-org/gitlab-pages!538
2021-08-09	feat: capture errors when trying to fetch the access token	feistel

2021-08-09	refactor: improve checkAuthentication logic, check error first and log ↵	feistel
	status code during an unexpected response
2021-08-08	fix: propagate context to sub requests	feistel

2021-08-05	fix: close response body and fix memory leak	feistel