path: root/config/initializers
Commit message (Author, Age, Files, Lines)
* Minor policy refinements. [csp-basics] (Connor Shea, 2016-07-18, files: 1, lines: -8/+12)
* Document the CSP file. (Connor Shea, 2016-07-18, files: 1, lines: -11/+38)
* Only enable CSP policies when relevant features are enabled. (Connor Shea, 2016-07-18, files: 1, lines: -1/+27)
|   Gravatar, Google Analytics, Piwik, Recaptcha, etc.
* Remove background_jobs-specific headers. (Connor Shea, 2016-07-18, files: 1, lines: -5/+0)
* Only report to Sentry when it's enabled. (Connor Shea, 2016-07-18, files: 1, lines: -2/+6)
* Add Sidekiq-specific headers. (Connor Shea, 2016-07-18, files: 1, lines: -2/+10)
* Add the CSP reporting URI of Sentry. (Connor Shea, 2016-07-18, files: 1, lines: -1/+8)
* Update image policy to allow external images over HTTPS. (Connor Shea, 2016-07-18, files: 1, lines: -1/+1)
* Remove unsafe eval directive from scripts. (Connor Shea, 2016-07-18, files: 1, lines: -1/+1)
* Fix that which hath been broken. Except the sidekiq admin iframe. (Connor Shea, 2016-07-18, files: 1, lines: -0/+38)
* Update the health_check gem to the latest release [update-health-check-gem] (DJ Mountney, 2016-07-11, files: 1, lines: -13/+0)
|   This allows us to drop our disable email config override
* Instrument Rinku usage [18593-autofilter-rinku-instrumentation] (Paco Guzman, 2016-07-04, files: 1, lines: -0/+2)
* Enable Style/EmptyLines cop, remove redundant ones [rubocop/enable-cops-for-empty-lines] (Grzegorz Bizon, 2016-07-01, files: 1, lines: -4/+0)
* Metrics for Rouge::Plugins::Redcarpet and Rouge::Formatters::HTMLGitlab [18592-syntaxhighlighter-slow] (Paco Guzman, 2016-07-01, files: 1, lines: -0/+3)
* Import from Github using Personal Access Tokens. (Eric K Idema, 2016-06-30, files: 1, lines: -1/+2)
|   This stands as an alternative to using OAuth to access a user's Github repositories. This is set up in such a way that it can be used without OAuth configuration.
|   From a UI perspective, the how to import modal has been replaced by a full page, which includes a form for posting a personal access token back to the Import::GithubController.
|   If the user has logged in via GitHub, skip the Personal Access Token and go directly to Github for an access token via OAuth.
* Merge branch 'rack-request-trusted-proxies' into 'master' (Douwe Maan, 2016-06-30, files: 1, lines: -0/+13)
|\
| |   Make Rack::Request use our trusted proxies when filtering IP addresses
| |
| |   ## What does this MR do?
| |   This allows us to control the trusted proxies while deployed in a private network.
| |
| |   ## Are there points in the code the reviewer needs to double check?
| |   If we want to limit what is impacted, we can do this specifically for the rack_attack request object.
| |
| |   ## Why was this MR needed?
| |   Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connecting on your network via private IP ranges. Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
| |
| |   ## What are the relevant issue numbers?
| |   Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17550
| |
| |   ## Does this MR meet the acceptance criteria?
| |   - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| |   - [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
| |   - [ ] ~~API support added~~
| |   - Tests
| |     - [x] Added for this feature/bug
| |     - [x] All builds are passing
| |   - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| |   - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
| |   - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| |
| |   \cc @stanhu
| |
| |   See merge request !4958
| * Make Rack::Request use our trusted proxies when filtering IP addresses [rack-request-trusted-proxies] (DJ Mountney, 2016-06-29, files: 1, lines: -0/+13)
| |   This allows us to control the trusted proxies while deployed in a private network.
| |   Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connecting on your network via private IP ranges.
| |   Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
* | Create (if necessary) and link the gitlab-shell secret file on the rake install task [shards] (Alejandro Rodríguez, 2016-06-29, files: 1, lines: -19/+1)
* | Refactor repository paths handling to allow multiple git mount points (Alejandro Rodríguez, 2016-06-29, files: 2, lines: -1/+32)
|/
* Enable Style/SpaceAfterComma Rubocop cop [rubocop/enable-space-after-cops] (Grzegorz Bizon, 2016-06-29, files: 2, lines: -2/+2)
* Merge branch 'add-smtp-setting' into 'master' (Stan Hu, 2016-06-24, files: 1, lines: -0/+1)
|\
| |   Add SMTP as default delivery method to match gitlab-org/omnibus-gitlab!826
| |
| |   Something happened after upgrading to 8.9RC5 that caused mail settings to be set to sendmail by default. gitlab-com/infrastructure#128 describes the issue in more detail. This MR mirrors the change in omnibus with gitlab-org/omnibus-gitlab!826.
| |
| |   Closes #19132
| |
| |   See merge request !4915
| * Add SMTP as default delivery method to match gitlab-org/omnibus-gitlab!826 (Stan Hu, 2016-06-24, files: 1, lines: -0/+1)
| |   Closes #19132 [ci skip]
* | Merge branch 'health-check-disable-email' into 'master' (Rémy Coutable, 2016-06-24, files: 1, lines: -0/+14)
|\ \
| |/
|/|
| |   Disable the email checking part of the standard Health Check
| |
| |   ## What does this MR do?
| |   In order to fix it we have overwritten the email_configured? method in the health check so that it does not check email status during the standard health check.
| |
| |   ## Why was this MR needed?
| |   The email check used in the Health Check doesn't properly make use of enough of the SMTP config options to be able to properly test the SMTP connection, and as a result could cause a failure.
| |
| |   ## What are the relevant issue numbers?
| |   Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17742
| |
| |   ## Does this MR meet the acceptance criteria?
| |   - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| |   - [x] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
| |   - [x] ~~API support added~~
| |   - Tests
| |     - [ ] Added for this feature/bug
| |     - [ ] All builds are passing
| |   - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| |   - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
| |   - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| |
| |   See merge request !4903
| * Set the health_check mailer full checks to be the same as the standard checks (DJ Mountney, 2016-06-24, files: 1, lines: -0/+1)
| |   There was nothing additional in the full checks that we want to run (email, custom)
| * Disable the email checking part of the standard Health Check [health-check-disable-email] (DJ Mountney, 2016-06-24, files: 1, lines: -0/+13)
| |   The email check used in the Health Check doesn't properly make use of enough of the SMTP config options to be able to properly test the SMTP connection, and as a result could cause a failure.
| |   In order to fix it we have overwritten the email_configured? method in the health check so that it does not check email status during the standard health check.
* | Support for rendering/redacting multiple documents (Yorick Peterse, 2016-06-24, files: 1, lines: -0/+4)
| |   This commit changes the way certain documents are rendered (currently only Notes) and how documents are redacted. Previously both rendering and redacting would run on a per document basis. The result of this was that for every document we'd have to run countless queries just to figure out if we could display a set of links or not.
| |
| |   This commit changes things around so that redacting Markdown documents is no longer tied into the html-pipeline Gem. This in turn allows it to redact multiple documents in a single pass, thus reducing the number of queries needed.
| |
| |   In turn rendering issue/merge request notes has been adjusted to take advantage of this new setup. Instead of rendering Markdown somewhere deep down in a view the Markdown is rendered and redacted in the controller (taking the current user and all that into account). This has been done in such a way that the "markdown()" helper method can still be used on its own.
| |
| |   This particular commit also paves the way for caching rendered HTML on object level. Right now there's an accessor method Note#note_html which is used for setting/getting the rendered HTML. Once we cache HTML on row level we can simply change this field to be a column and call a "save" whenever needed and we're pretty much done.
* | Restrict hamlit version, remove coffeescript filters. (Connor Shea, 2016-06-23, files: 1, lines: -0/+3)
* | Replace Haml with Hamlit. (connorshea, 2016-06-22, files: 2, lines: -7/+15)
|/
|   Hamlit is a library that's faster than Haml while implementing most of its features: https://github.com/k0kubun/hamlit
|   Not sure if this breaks anything, but as far as I can tell most things work the same. No obvious regressions that I've been able to find.
* add missing import source [fix/import-sources] (James Lopez, 2016-06-21, files: 1, lines: -1/+1)
* Avoid autoload issue such as 'Mail::Parsers::AddressStruct' [18810-nameerror-uninitialized-constant-mail-parsers-addressstruct] (Rémy Coutable, 2016-06-20, files: 1, lines: -0/+4)
|   By eager-loading the Mail gem in the Sidekiq initializer.
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Merge branch 'feature/project-export' into 'master' (Douwe Maan, 2016-06-17, files: 1, lines: -0/+3)
|\
| |   Export project functionality
| |
| |   This is a MR for the export functionality of https://gitlab.com/gitlab-org/gitlab-ce/issues/3050, which adds the ability to export single projects.
| |
| |   - [x] members
| |   - DB data
| |     - [x] issues
| |     - [x] issue comments
| |     - [x] merge requests
| |     - [x] merge request diff
| |     - [x] merge request comments
| |     - [x] labels
| |     - [x] milestones
| |     - [x] snippets
| |     - [x] releases
| |     - [x] events
| |     - [x] commit statuses
| |     - [x] CI builds
| |   - File system data
| |     - [x] Git repository
| |     - [x] wiki
| |     - [x] uploads
| |     - [ ] ~~CI build traces~~
| |     - [ ] ~~CI build artifacts~~
| |     - [ ] ~~LFS objects~~
| |   - DB configuration
| |     - [x] services
| |     - [x] web hooks
| |     - [x] protected branches
| |     - [x] deploy keys
| |     - [x] CI variables
| |     - [x] CI triggers
| |
| |   See merge request !3114
| * fixed merge conflicts on UI branch (James Lopez, 2016-06-16, files: 4, lines: -12/+32)
| |\
| * | some refactoring - renaming things, etc.. (James Lopez, 2016-06-15, files: 1, lines: -3/+3)
| * | project export archiver (James Lopez, 2016-06-14, files: 1, lines: -0/+3)
* | | Fix images in emails [18474-missing-images-on-confirmation-email] (Sean McGivern, 2016-06-16, files: 1, lines: -0/+1)
| |/
|/|
* | Merge branch '18451-track-new-redis-connections' into 'master' (Douwe Maan, 2016-06-15, files: 1, lines: -0/+16)
|\ \
| | |   Resolve "Track the number of new Redis connections per transaction"
| | |
| | |   ## What does this MR do?
| | |   Add a new metric counter, `new_redis_connections`, that contains the number of calls to `Redis::Client#connect` in the current transaction.
| | |
| | |   ## Are there points in the code the reviewer needs to double check?
| | |   Not sure. I tested this in kind of a brute-force way:
| | |   1. Add a debugger in the monkey-patched `connect` method.
| | |   2. With metrics enabled, start the app and load a page.
| | |   3. The first Redis connection is created by `Rack::Attack` and isn't in a transaction, but still works fine.
| | |   4. The second Redis connection is within a transaction (the page load), and increments the counter.
| | |   5. If I reload the page, neither debugger is hit.
| | |   6. If I use a Redis client and do `CLIENT KILL` on my two existing clients, then reload the page, I get 3 and 4 again.
| | |   7. If I disable metrics collection, the debugger never gets hit.
| | |
| | |   ## Why was this MR needed?
| | |   We may have a Redis connection leak somewhere, so adding metrics will let us track this.
| | |
| | |   ## What are the relevant issue numbers?
| | |   Closes #18451.
| | |
| | |   ## Screenshots (if relevant)
| | |   Hahaha nope, not relevant.
| | |
| | |   ## Does this MR meet the acceptance criteria?
| | |   - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| | |   - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
| | |   - [ ] API support added
| | |   - [ ] Tests
| | |     - [ ] Added for this feature/bug
| | |     - [ ] All builds are passing
| | |   - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | |   - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
| | |   - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | |
| | |   cc @yorickpeterse
| | |
| | |   See merge request !4649
| * | Track new Redis connections (Sean McGivern, 2016-06-14, files: 1, lines: -0/+16)
| | |   Increment the counter `new_redis_connections` on each call to `Redis::Client#connect`, if we're in a transaction.
* | | Merge branch '18527-instrument-private-methods' into 'master' (Yorick Peterse, 2016-06-14, files: 1, lines: -5/+0)
|\ \ \
| | | |   Instrument private methods and instance private methods
| | | |
| | | |   See merge request !4639
| * | | Instrument private/protected methods (Paco Guzman, 2016-06-14, files: 1, lines: -5/+0)
| |/ /
| | |   By default instrumentation will instrument public, protected and private methods, because usually heavy work is done in private methods, or at least that’s what the facts are showing
* | | Merge remote-tracking branch 'origin/master' into artifacts-expire-date (Kamil Trzcinski, 2016-06-14, files: 1, lines: -1/+1)
|\ \ \
| |/ /
| * | Merge branch 'gitlab-auth-method-names' into 'master' (Douwe Maan, 2016-06-13, files: 1, lines: -1/+1)
| |\ \
| | | |   Improve Gitlab::Auth method names
| | | |
| | | |   Auth.find was a very generic name for a very specific method. Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also looks in Kerberos.
| | | |
| | | |   See merge request !4589
| | * | Improve Gitlab::Auth method names (Jacob Vosmaer, 2016-06-10, files: 1, lines: -1/+1)
| | |/
| | |   Auth.find was a very generic name for a very specific method. Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also looks in Kerberos.
* | | Merge remote-tracking branch 'origin/master' into artifacts-expire-date (Kamil Trzcinski, 2016-06-13, files: 1, lines: -6/+11)
|\ \ \
| |/ /
| * | Instrument all Banzai::ReferenceParser classes [instrument-reference-parsers] (Yorick Peterse, 2016-06-13, files: 1, lines: -6/+11)
| |/
| |   Now that this code is no longer part of Banzai::Filter it needs to be instrumented explicitly.
* | Added documentation to artifacts expire (Kamil Trzcinski, 2016-06-13, files: 1, lines: -1/+1)
* | Enable exceptions on ChronicDuration (Kamil Trzcinski, 2016-06-13, files: 1, lines: -0/+1)
* | Move keep to ArtifactsController (Kamil Trzcinski, 2016-06-13, files: 1, lines: -3/+3)
* | Allow to expire build artifacts (Kamil Trzcinski, 2016-06-13, files: 1, lines: -0/+3)
|/
* Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab-ce into git-http-controller (Jacob Vosmaer, 2016-06-08, files: 2, lines: -0/+11)
|\
| |   Conflicts: lib/gitlab/workhorse.rb
| * Instrument `RepositoryCheck::SingleRepositoryWorker` manually (Alejandro Rodríguez, 2016-06-07, files: 1, lines: -0/+7)
| |   This worker is called manually by `RepositoryCheck::BatchWorker` meaning it's not tracked automatically by the Sidekiq middleware.