An error occurred fetching the project authors.
- 19 Dec, 2018 1 commit
-
-
Jarka Košanová authored
- we now use the hierarchy class also for epics - also rename supports_nested_groups? into supports_nested_objects? - move it to a concern
-
- 16 Dec, 2018 1 commit
-
-
Jasper Maes authored
-
- 06 Dec, 2018 1 commit
-
-
Kamil Trzciński authored
The Correlation ID is taken or generated from received X-Request-ID. Then it is being passed to all executed services (sidekiq workers or gitaly calls). The Correlation ID is logged in all structured logs as `correlation_id`.
-
- 29 Nov, 2018 2 commits
-
-
Imre Farkas authored
Adds gitlab.impersonation_enabled config option defaulting to true to keep the current default behaviour. Only the act of impersonation is modified, impersonation token management is not affected.
-
Cindy Pallares authored
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request" See merge request gitlab/gitlabhq!2583
-
- 23 Nov, 2018 1 commit
-
-
James Lopez authored
-
- 18 Nov, 2018 1 commit
-
-
Imre Farkas authored
-
- 15 Nov, 2018 1 commit
-
-
Jasper Maes authored
-
- 23 Oct, 2018 1 commit
-
-
James Lopez authored
-
- 13 Oct, 2018 1 commit
-
-
Jan Provaznik authored
In Rails 5 catches invalid UTF8 characters in querystring in a params middleware, errors are handled by a params middleware and raises a BadRequest exception. This means that these UTF8 errors are not raised deeper in application stack and these can't also be handled on application level. If we would want to have custom handler for these errors, we would have to create a new middleware and insert it before actionpack's params middleware and rescue BadRequest exceptions there. But there is no need to do this currently (see discussion on https://gitlab.com/gitlab-org/gitlab-ce/issues/51908)
-
- 10 Oct, 2018 1 commit
-
-
Zeger-Jan van de Weg authored
Was introduced in the time that GitLab still used NFS, which is not required anymore in most cases. By removing this, the API it calls will return empty responses. This interface has to be removed in the next major release, expected to be 12.0.
-
- 08 Oct, 2018 1 commit
-
-
Stan Hu authored
Raven.capture_exception is already called by log_exception.
-
- 01 Oct, 2018 1 commit
-
-
David authored
-
- 26 Sep, 2018 2 commits
-
-
Rémy Coutable authored
Signed-off-by:
Rémy Coutable <remy@rymai.me>
-
Igor Kapkov authored
-
- 22 Sep, 2018 1 commit
-
-
Felipe Artur authored
Renders 412 error page when invalid UTF-8 is passed as parameters in controllers.
-
- 19 Sep, 2018 1 commit
-
-
gfyoung authored
Enables frozen string for the following: * app/controllers/*.rb * app/controllers/admin/**/*.rb * app/controllers/boards/**/*.rb * app/controllers/ci/**/*.rb * app/controllers/concerns/**/*.rb Partially addresses #47424.
-
- 07 Sep, 2018 1 commit
-
-
Jan Provaznik authored
-
- 05 Sep, 2018 1 commit
-
-
Stan Hu authored
This will help production gain more visibility which browsers may be having issues.
-
- 10 Aug, 2018 1 commit
-
-
Stan Hu authored
Users without GitLab 2FA enabled would be logged out after an hour due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700. The OAuth2 controller sets the current_user after the controller is finished, so we should only limit session times after this has been done. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210
-
- 07 Aug, 2018 1 commit
-
-
Peter Leitzen authored
-
- 03 Aug, 2018 1 commit
-
-
Grzegorz Bizon authored
-
- 02 Aug, 2018 1 commit
-
-
Grzegorz Bizon authored
-
- 01 Aug, 2018 3 commits
-
-
Grzegorz Bizon authored
-
Grzegorz Bizon authored
-
Grzegorz Bizon authored
-
- 27 Jul, 2018 1 commit
-
-
Grzegorz Bizon authored
-
- 24 Jul, 2018 1 commit
-
-
Kia Mei Somabes authored
-
- 22 Jul, 2018 1 commit
-
-
Kia Mei Somabes authored
-
- 20 Jul, 2018 1 commit
-
-
Kia Mei Somabes authored
-
- 18 Jul, 2018 1 commit
-
-
Stan Hu authored
By default, all sessions are given the same expiration time configured in the session store (e.g. 1 week). However, unauthenticated users can generate a lot of sessions, primarily for CSRF verification. It makes sense to reduce the TTL for unauthenticated to something much lower than the default (e.g. 1 hour) to limit Redis memory. In addition, Rails creates a new session after login, so the short TTL doesn't even need to be extended. Closes #48101
-
- 11 Jul, 2018 2 commits
-
-
Dmitriy Zaporozhets authored
Signed-off-by:
Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
Signed-off-by:
Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 25 Jun, 2018 1 commit
-
-
Stan Hu authored
-
- 21 Jun, 2018 1 commit
-
-
blackst0ne authored
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by default anymore. [1] Instead it gets inserted into callbacks chain where callbacks get called in order. This commit forces the callback to run first. [1]: https://github.com/rails/rails/commit/39794037817703575c35a75f1961b01b83791191
-
- 13 Jun, 2018 1 commit
-
-
Bob Van Landuyt authored
The `errors/access_denied` page should not fail to render when no message is provided. When accessing something as a sessionless user, we should also display the terms message if possible.
-
- 06 Jun, 2018 1 commit
-
-
Stan Hu authored
We have a number of import errors occurring with 422 errors, and it's hard to determine why they are happening. This change will surface the errors in the log lines. Relates to #47365
-
- 05 Jun, 2018 1 commit
-
-
Bob Van Landuyt authored
When we want to show an access denied message to a user, we don't have to hide the resource's existence. So in that case we render a 403, this 403 is not handled by nginx on omnibus installs, making sure the message is visible to the user.
-
- 31 May, 2018 1 commit
-
-
Paul Slaughter authored
-
- 11 May, 2018 1 commit
-
-
Bob Van Landuyt authored
Before we would block the `sign_out` request when the user did not accept the terms, therefore redirecting them to the terms again. By allowing all request to devise controllers, we avoid this problem.
-