delta/gitlab/gitlab-ce.git/spec/controllers/application_controller_spec.rb, branch issue_51323 gitlab.com: gitlab-org/gitlab-ce.git Fix content caching for non auth users 2018-10-23T14:22:12+00:00 James Lopez james@jameslopez.es 2018-10-18T11:28:12+00:00 782badd0a2cd00d2a9cbe591e78b30aca32e252b 






Use InvalidUTF8ErrorHandler only for rails 4
2018-10-13T17:45:27+00:00

Jan Provaznik
jprovaznik@gitlab.com

2018-10-13T17:45:27+00:00

c6a4c9231e983f2bd5f0c2115a5c9c16fd18bfb2

In Rails 5 catches invalid UTF8 characters in querystring in a
params middleware, errors are handled by a params middleware and
raises a BadRequest exception. This means that these UTF8 errors
are not raised deeper in application stack and these can't also
be handled on application level.

If we would want to have custom handler for these errors, we would
have to create a new middleware and insert it before actionpack's
params middleware and rescue BadRequest exceptions there. But there
is no need to do this currently (see discussion on
https://gitlab.com/gitlab-org/gitlab-ce/issues/51908)





In Rails 5 catches invalid UTF8 characters in querystring in a
params middleware, errors are handled by a params middleware and
raises a BadRequest exception. This means that these UTF8 errors
are not raised deeper in application stack and these can't also
be handled on application level.

If we would want to have custom handler for these errors, we would
have to create a new middleware and insert it before actionpack's
params middleware and rescue BadRequest exceptions there. But there
is no need to do this currently (see discussion on
https://gitlab.com/gitlab-org/gitlab-ce/issues/51908)







Remove Git circuit breaker
2018-10-10T07:08:18+00:00

Zeger-Jan van de Weg
git@zjvandeweg.nl

2018-10-09T05:59:42+00:00

30b4ce940d28804e0b38ea9ea4f89793d41392db

Was introduced in the time that GitLab still used NFS, which is not
required anymore in most cases. By removing this, the API it calls will
return empty responses. This interface has to be removed in the next
major release, expected to be 12.0.





Was introduced in the time that GitLab still used NFS, which is not
required anymore in most cases. By removing this, the API it calls will
return empty responses. This interface has to be removed in the next
major release, expected to be 12.0.







Add custom header for error responses
2018-10-01T17:43:40+00:00

David
david.piegza@mailbox.org

2018-10-01T17:43:40+00:00

fea4efe42f03e983c1b4bcfcce2c7e8db82f7447












Render 412 for invalid UTF-8 parameters
2018-09-22T15:15:53+00:00

Felipe Artur
felipefac@gmail.com

2018-09-05T19:41:59+00:00

1fcc7f9ba23a5ca02773e080ccb66f37435150ff

Renders 412 error page when invalid UTF-8 is passed
as parameters in controllers.





Renders 412 error page when invalid UTF-8 is passed
as parameters in controllers.







Fix logins via OAuth2 geting logged out in an hour
2018-08-10T21:41:59+00:00

Stan Hu
stanhu@gmail.com

2018-08-10T19:15:06+00:00

a7e2f96b59035fd4628a047370c87400e16a4b63

Users without GitLab 2FA enabled would be logged out after an hour
due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700.

The OAuth2 controller sets the current_user after the controller is finished, so
we should only limit session times after this has been done.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210





Users without GitLab 2FA enabled would be logged out after an hour
due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700.

The OAuth2 controller sets the current_user after the controller is finished, so
we should only limit session times after this has been done.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210







Don't set gon variables in JSON requests
2018-08-07T21:28:57+00:00

Peter Leitzen
peter@leitzen.de

2018-08-07T21:28:57+00:00

ffcf50c8725c42a11f19c30dd8b680ec3525365f












Merge branch 'feature/gb/login-activity-metrics' into 'master'
2018-07-31T10:44:22+00:00

Sean McGivern
sean@mcgivern.me.uk

2018-07-31T10:44:22+00:00

e6dd3c527626af1c0f521792360f7c4b29bfee36

Add user authentication activity metrics

Closes #47789

See merge request gitlab-org/gitlab-ce!20668




Add user authentication activity metrics

Closes #47789

See merge request gitlab-org/gitlab-ce!20668






Add authentication metrics for sessionless sign in
2018-07-27T10:56:34+00:00

Grzegorz Bizon
grzesiek.bizon@gmail.com

2018-07-27T10:56:34+00:00

00e4d918a3cf14a96d25822b6d65c7b6d8f00b63












Limit the TTL for anonymous sessions to 1 hour
2018-07-18T19:39:51+00:00

Stan Hu
stanhu@gmail.com

2018-07-18T18:18:14+00:00

c559c43dafb75005f5589c473729054845bb498b

By default, all sessions are given the same expiration time configured in the
session store (e.g. 1 week). However, unauthenticated users can generate a lot
of sessions, primarily for CSRF verification. It makes sense to reduce the TTL
for unauthenticated to something much lower than the default (e.g. 1 hour) to
limit Redis memory. In addition, Rails creates a new session after login,
so the short TTL doesn't even need to be extended.

Closes #48101





By default, all sessions are given the same expiration time configured in the
session store (e.g. 1 week). However, unauthenticated users can generate a lot
of sessions, primarily for CSRF verification. It makes sense to reduce the TTL
for unauthenticated to something much lower than the default (e.g. 1 hour) to
limit Redis memory. In addition, Rails creates a new session after login,
so the short TTL doesn't even need to be extended.

Closes #48101