Currently there is no way to download a raw file without embedding
the token in the URL, which exposes the token in the URL. There
should be an way of sending this information via the header as the
API does.
Closes https://github.com/gitlabhq/gitlabhq/issues/8137
Sorting by "id" has the same effect as sorting by created_at while
performing far better and without the need of an extra index (in case
one wanted to speed up sorting by "created_at").
Sorting by "Recently updated" still uses the physical "updated_at"
column as there's no way to use the "id" column for this instead.
It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.
This fix makes sure this redirect is not possible.
Fixes!1020
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
Safari 9.0 does not yet honor the HTML5 `origin-when-cross-origin` mode,
and it's possible load balancers/proxies strip the HTTP_REFERER from
the request header. In these cases, default to some default path.
Closes#3122
Closes https://github.com/gitlabhq/gitlabhq/issues/9731
Apply syntax highlighting to fenced code blocks client-side
Instead of applying the syntax highlighting scheme class to these blocks
server-side, we use Javascript and Gon to apply the user's color scheme
(or the default) client-side.
This will make it easier to cache these blocks in the future because
they're no longer state-dependent.
See merge request !1203
Many users naively set the home page URL setting to external_url
(e.g. https://mydomain.com). When an unauthenticated user signs in, this
causes endless redirections. For example, this is occuring:
1. Unauthenticated user attempts to access https://mydomain.com/dashboard
2. Application redirects to the home page URL: https://mydomain.com
3. Repeat step 2
In step 3, ApplicationController should have redirected the user to
https://mydomain.com/users/sign_in. Disabling the redirection if home
page URL is the same as external_url prevents users from messing up.
Closes https://github.com/gitlabhq/gitlabhq/issues/8843Closes#2057
Instead of rendering this value server-side, we use Javascript and Gon
to apply the user's color scheme (or the default) to any syntax
highlighted code blocks.
This will make it easier to cache these blocks in the future because
they're no longer state-dependent.
Redirection to the home page URL was broken by changing the target for
`root_url` from `DashboardController` to `RootController` in
94d3c1433d. This regression was introduced
in the 7.12.0 release.
Fixes#1916.
Rubén Dávila
Robert Speicher
Josh Frye
Stan Hu
Douwe Maan
Douwe Maan
Yorick Peterse
Gabriel Mazetto
tduehr
Jeroen van Baarsen
Robert Speicher
Jacob Vosmaer
Valery Sizov
Francesco Levorato
Dmitriy Zaporozhets
Jared Szechy
Artem Sidorenko
Daniel Gerhardt
Alex Lossent