Commit 89506940 authored by Jacob Schatz's avatar Jacob Schatz

Merge branch 'revert-sri' into 'master'

Revert Subresource Integrity pending a fix for Firefox's incorrect hashing implementation.

Per the discussion in #18230, Firefox support is broken :(

cc: @jschatz1 

See merge request !4943
parents 3659992c 47b9b162
...@@ -8,7 +8,6 @@ v 8.10.0 (unreleased) ...@@ -8,7 +8,6 @@ v 8.10.0 (unreleased)
- Fix MR-auto-close text added to description. !4836 - Fix MR-auto-close text added to description. !4836
- Fix pagination when sorting by columns with lots of ties (like priority) - Fix pagination when sorting by columns with lots of ties (like priority)
- Exclude email check from the standard health check - Exclude email check from the standard health check
- Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise.
- Fix changing issue state columns in milestone view - Fix changing issue state columns in milestone view
- Fix user creation with stronger minimum password requirements !4054 (nathan-pmt) - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt)
- Add API endpoint for a group issues !4520 (mahcsig) - Add API endpoint for a group issues !4520 (mahcsig)
......
module JavascriptHelper module JavascriptHelper
def page_specific_javascript_tag(js) def page_specific_javascript_tag(js)
javascript_include_tag asset_path(js), { integrity: true, "data-turbolinks-track" => true } javascript_include_tag asset_path(js), { "data-turbolinks-track" => true }
end end
end end
...@@ -25,10 +25,10 @@ ...@@ -25,10 +25,10 @@
= favicon_link_tag 'favicon.ico' = favicon_link_tag 'favicon.ico'
= stylesheet_link_tag "application", media: "all", integrity: true = stylesheet_link_tag "application", media: "all"
= stylesheet_link_tag "print", media: "print", integrity: true = stylesheet_link_tag "print", media: "print"
= javascript_include_tag "application", integrity: true = javascript_include_tag "application"
- if content_for?(:page_specific_javascripts) - if content_for?(:page_specific_javascripts)
= yield :page_specific_javascripts = yield :page_specific_javascripts
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment