diff options
Diffstat (limited to 'doc/development/new_fe_guide/development')
4 files changed, 0 insertions, 32 deletions
diff --git a/doc/development/new_fe_guide/development/design_patterns.md b/doc/development/new_fe_guide/development/design_patterns.md deleted file mode 100644 index ee06566ed30..00000000000 --- a/doc/development/new_fe_guide/development/design_patterns.md +++ /dev/null @@ -1,3 +0,0 @@ -# Design patterns - -> TODO: Add content diff --git a/doc/development/new_fe_guide/development/index.md b/doc/development/new_fe_guide/development/index.md index cee8e43ebad..5dced3dc466 100644 --- a/doc/development/new_fe_guide/development/index.md +++ b/doc/development/new_fe_guide/development/index.md @@ -1,9 +1,5 @@ # Development -## [Design patterns](design_patterns.md) - -Examples of proven design patterns used in our codebase. - ## [Components](components.md) Documentation on existing components and how to best create a new component. @@ -12,14 +8,6 @@ Documentation on existing components and how to best create a new component. Learn how to implement an accessible frontend. -## [Network requests](network_requests.md) - -Learn how to handle network requests in our codebase. - -## [Security](security.md) - -Learn how to ensure that our frontend is secure. - ## [Performance](performance.md) Learn how to keep our frontend performant. diff --git a/doc/development/new_fe_guide/development/network_requests.md b/doc/development/new_fe_guide/development/network_requests.md deleted file mode 100644 index 047c00313bc..00000000000 --- a/doc/development/new_fe_guide/development/network_requests.md +++ /dev/null @@ -1,3 +0,0 @@ -# Network requests - -> TODO: Add content diff --git a/doc/development/new_fe_guide/development/security.md b/doc/development/new_fe_guide/development/security.md deleted file mode 100644 index 5bb38f17988..00000000000 --- a/doc/development/new_fe_guide/development/security.md +++ /dev/null @@ -1,14 +0,0 @@ -# Security - -## Avoid inline scripts and styles - -Inline scripts and styles should be avoided in almost all cases. In an effort to protect users from [XSS vulnerabilities](https://en.wikipedia.org/wiki/Cross-site_scripting), we will be disabling inline scripts using Content Security Policy. - -## Including external resources - -External fonts, CSS, and JavaScript should never be used with the exception of Google Analytics and Piwik - and only when the instance has enabled it. Assets should always be hosted and served locally from the GitLab instance. Embedded resources via `iframes` should never be used except in certain circumstances such as with ReCaptcha, which cannot be used without an `iframe`. - -## Resources for security testing - -- [Mozilla's HTTP Observatory CLI](https://github.com/mozilla/http-observatory-cli) -- [Qualys SSL Labs Server Test](https://www.ssllabs.com/ssltest/analyze.html) |