1. 04 Mar, 2019 1 commit
  2. 25 Feb, 2019 1 commit
  3. 22 Feb, 2019 1 commit
    • Evan Read's avatar
      Ensure all lists are surrounded by new lines · eb866309
      Evan Read authored
      Markdown renderers find it easier to determine
      where lists start and end when lists are surrounded
      by new lines.
      
      For consistency, also ensure entries in the list
      are aligned when they span multipls lines.
      eb866309
  4. 21 Feb, 2019 1 commit
  5. 18 Feb, 2019 2 commits
  6. 13 Feb, 2019 1 commit
  7. 08 Feb, 2019 1 commit
  8. 31 Jan, 2019 1 commit
    • Stan Hu's avatar
      Alias GitHub and BitBucket OAuth2 callback URLs · 88f2e961
      Stan Hu authored
      To prevent an OAuth2 covert redirect vulnerability, this commit adds and
      uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
      following paths:
      
      GitHub: /users/auth/-/import/github
      Bitbucket: /users/auth/-/import/bitbucket
      
      This allows admins to put a more restrictive callback URL in the OAuth2
      configuration settings. Instead of https://example.com, admins can now use:
      
      https://example.com/users/auth
      
      It's possible but not trivial to change Devise and OmniAuth to use a
      different prefix for callback URLs instead of /users/auth. For now,
      aliasing the import URLs under the /users/auth namespace should suffice.
      
      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
      88f2e961
  9. 24 Jan, 2019 1 commit
  10. 22 Jan, 2019 1 commit
    • Stan Hu's avatar
      Alias GitHub and BitBucket OAuth2 callback URLs · 6d57b2fd
      Stan Hu authored
      To prevent an OAuth2 covert redirect vulnerability, this commit adds and
      uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
      following paths:
      
      GitHub: /users/auth/-/import/github
      Bitbucket: /users/auth/-/import/bitbucket
      
      This allows admins to put a more restrictive callback URL in the OAuth2
      configuration settings. Instead of https://example.com, admins can now use:
      
      https://example.com/users/auth
      
      It's possible but not trivial to change Devise and OmniAuth to use a
      different prefix for callback URLs instead of /users/auth. For now,
      aliasing the import URLs under the /users/auth namespace should suffice.
      
      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
      6d57b2fd
  11. 11 Jan, 2019 1 commit
  12. 08 Jan, 2019 1 commit
  13. 29 Dec, 2018 1 commit
  14. 18 Dec, 2018 1 commit
  15. 07 Dec, 2018 1 commit
  16. 20 Nov, 2018 1 commit
  17. 13 Nov, 2018 3 commits
  18. 09 Nov, 2018 1 commit
  19. 01 Nov, 2018 1 commit
  20. 22 Oct, 2018 1 commit
  21. 19 Oct, 2018 1 commit
  22. 25 Sep, 2018 1 commit
  23. 21 Sep, 2018 1 commit
  24. 13 Sep, 2018 1 commit
  25. 06 Sep, 2018 1 commit
  26. 27 Aug, 2018 1 commit
  27. 20 Aug, 2018 1 commit
  28. 09 Aug, 2018 1 commit
  29. 08 Aug, 2018 1 commit
  30. 10 Jul, 2018 1 commit
  31. 06 Jul, 2018 1 commit
  32. 05 Jul, 2018 1 commit
  33. 04 Jul, 2018 1 commit
  34. 28 Jun, 2018 1 commit
  35. 25 Jun, 2018 1 commit
  36. 22 Jun, 2018 1 commit
  37. 18 Jun, 2018 1 commit