Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-04-26 | Merge branch 'healthcheck/middleware' into 'master' | Jaime Martinez | |
refactor: move healthcheck middleware early in the pipeline See merge request gitlab-org/gitlab-pages!616 | |||
2022-04-26 | Merge branch 'test/https-middleware' into 'master' | Jaime Martinez | |
test: add early return and tests for internal/handlers/https Closes #749 See merge request gitlab-org/gitlab-pages!743 | |||
2022-04-26 | Compare status path against request path | feistel | |
2022-04-26 | Rework healthcheck tests | feistel | |
2022-04-26 | Rework HTTPS tests and assert location header | feistel | |
2022-04-26 | Merge branch 'fix/acme-middleware' into 'master' | Vladimir Shushlin | |
fix acme middleware passing handled requests to parent middlewares See merge request gitlab-org/gitlab-pages!736 | |||
2022-04-25 | Add early return and tests for internal/handlers/https | feistel | |
2022-04-25 | Merge branch 'kassio/default-server-write-timeout-to-0' into 'master' | Vladimir Shushlin | |
Tweaking default `serverWriteTimeout` to avoid problem with download of large files. See merge request gitlab-org/gitlab-pages!741 | |||
2022-04-22 | Move https middleware to internal/handlers | feistel | |
2022-04-22 | Fix acme middleware passing handled requests to parent middlewares | feistel | |
2022-04-22 | config: Default serverWriteTimeout to 0kassio/default-server-write-timeout-to-0 | Kassio Borges | |
To avoid timeouts on large file downloads, change the default `serverWriteTimeout` to `0` (no timeout). Related to: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/725#note_915081271 Changelog: changed | |||
2022-04-20 | Move healthcheck middleware to a separate package | feistel | |
add Cache-Control: no-store to status response | |||
2022-04-18 | Add compile time flag for building in FIPS | Vishal Tak | |
2022-04-14 | Remove FF_DISABLE_REFRESH_TEMPORARY_ERROR feature flag | feistel | |
Changelog: removed | |||
2022-04-14 | Merge branch 'fix-context-canceled-in-auth-and-artifacts' into 'master' | Vladimir Shushlin | |
fix: handle context canceled gracefully for auth and artifacts Closes #679 See merge request gitlab-org/gitlab-pages!721 | |||
2022-04-13 | test: simplify cache test for ctx errors | feistel | |
2022-04-13 | refactor: pass the correlationID direcly instead of using the context | feistel | |
2022-04-13 | test: add cache test case for ctx errors | feistel | |
2022-04-13 | fix: do not cache responses if there is a ctx error | feistel | |
If the retriever timed out or there was a ctx/temporary error we just trigger a refresh on future requests Changelog: fixed | |||
2022-04-11 | Increase serverWriteTimeout to avoid errors with large files | Kassio Borges | |
Related to: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/725 Changelog: fixed | |||
2022-04-08 | chore: fix linter issues | Jaime Martinez | |
2022-04-08 | chore: move check outside of fetching token function | Jaime Martinez | |
2022-04-08 | fix: handle context canceled gracefully for auth and artifacts | Jaime Martinez | |
Changelog: changed | |||
2022-04-06 | Add comment details for nonce size | Vishal Tak | |
2022-04-06 | Update nonce to make it of standard size | Vishal Tak | |
Changelog: changed | |||
2022-04-05 | Merge branch 'refactor/specialized-require' into 'master' | Jaime Martinez | |
test: replace require.Equal with specialized assertions See merge request gitlab-org/gitlab-pages!685 | |||
2022-04-04 | Merge branch 'build-fips' into 'master' | Vladimir Shushlin | |
Add FIPS support See merge request gitlab-org/gitlab-pages!716 | |||
2022-04-01 | Merge branch 'security-fix-weak-timeouts' into 'master' | Vladimir Shushlin | |
Fix weak timeouts See merge request gitlab-org/security/gitlab-pages!18 | |||
2022-04-01 | Fix weak timeouts | Kassio Borges | |
2022-04-01 | Merge branch 'security-validate-session-host' into 'master' | Vladimir Shushlin | |
fix: validate that session was issued on the same host See merge request gitlab-org/security/gitlab-pages!28 | |||
2022-03-31 | Clean makefile and add runtime check for fipsbuild-fips | Vishal Tak | |
2022-03-28 | Add FIPS support | Vishal Tak | |
Changelog: added | |||
2022-03-24 | fix: validate that session was issued on the same host | Vladimir Shushlin | |
Currently, sessions are valid across all domains. And our auth tokens are also valid for all pages projects user has access to. This means that cookie from one website can be reused on the another. Attackers can steal cookies in many different ways. The easiest way would be to setup a validated custom domain, then proxy all requests to pages server, but log the cookies. Once you have a cookie for attackers domain, you can reuse it on any other pages domain the target user has access to. This commit saves current domain in the session and validates it when reading the session. Changelog: security | |||
2022-03-15 | fix flag descriptionfeature/zip-http-timeout-param | vtak | |
2022-03-15 | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-pages into ↵ | vtak | |
feature/zip-http-timeout-param | |||
2022-03-15 | feat: allow auth http.Client timeout to be configurable | Osman İlge Ünaldı | |
Changelog: added | |||
2022-03-14 | add flag to parameterize zip http client timeout | vtak | |
Changelog: added | |||
2022-03-11 | Add correlation_id to all exception captures | Kassio Borges | |
2022-03-04 | feat: make server shutdown timeout configurable | Hüseyin Emre Aksoy | |
Changelog: added | |||
2022-02-24 | test: replace require.Equal with specialized assertions | feistel | |
2022-02-24 | Merge branch 'refactor/test-erroris' into 'master' | Jaime Martinez | |
test: migrate to assertions using modern error checking See merge request gitlab-org/gitlab-pages!684 | |||
2022-02-22 | Merge branch 'reject-tls-2' into 'master' | Vladimir Shushlin | |
feat: add rate limits on the TLS connection level See merge request gitlab-org/gitlab-pages!700 | |||
2022-02-22 | refactor: review fixes | Vladimir Shushlin | |
2022-02-22 | feat: Always apply TLS limits even without ServerName | Vladimir Shushlin | |
2022-02-21 | feat: Add TLS rate limits | Vladimir Shushlin | |
Changelog: added | |||
2022-02-18 | lint: linting with make format | yigithankardas | |
2022-02-18 | refactor: use testhelpers.Close() | yigithankardas | |
2022-02-17 | Merge branch 'fix/read-mime-header' into 'master' | Jaime Martinez | |
refactor: parse custom headers using ReadMIMEHeader Closes #536 See merge request gitlab-org/gitlab-pages!517 | |||
2022-02-17 | refactor: use multierrors in custom headers parsing | feistel | |
2022-02-17 | Merge branch 'acceptance_tests' into 'master' | Jaime Martinez | |
Replacing defer with testhelpers.Close() part 1 See merge request gitlab-org/gitlab-pages!689 |