Thu, 03 May 2018 14:43:25 +0900 hgweb: prevent triggering dummy href="#" handler stable
Yuya Nishihara <yuya@tcha.org> [Thu, 03 May 2018 14:43:25 +0900] rev 37831
hgweb: prevent triggering dummy href="#" handler Follow up for the previous patch.
Wed, 02 May 2018 21:00:43 -0700 paper: add href="#" to links with click handlers stable
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 02 May 2018 21:00:43 -0700] rev 37830
paper: add href="#" to links with click handlers This restores the styling that was accidentally removed by the previous change to these files. Differential Revision: https://phab.mercurial-scm.org/D3438
Wed, 02 May 2018 19:16:01 -0700 paper: don't register click handlers with inline javascript (issue5812) stable
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 02 May 2018 19:16:01 -0700] rev 37829
paper: don't register click handlers with inline javascript (issue5812) The use of inline href="javascript:" undermines CSP policies that don't allow inline javascript. This commit changes the registering of the diffstat and line wrapping toggle handlers to the global DOMContentLoaded handler, thus eliminating all inline javascript from the paper template. Differential Revision: https://phab.mercurial-scm.org/D3437
Mon, 30 Apr 2018 17:28:59 -0700 hgweb: allow Content-Security-Policy header on 304 responses (issue5844) stable
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 Apr 2018 17:28:59 -0700] rev 37828
hgweb: allow Content-Security-Policy header on 304 responses (issue5844) A side-effect of 98baf8dea553 was that the Content-Security-Policy header was set on all HTTP responses by default. This header wasn't in our list of allowed headers for HTTP 304 responses. This would trigger a ProgrammingError when a 304 response was issued via hgwebdir. This commit adds Content-Security-Policy to the allow list of headers for 304 responses so we no longer encounter the error. Differential Revision: https://phab.mercurial-scm.org/D3436
Mon, 30 Apr 2018 17:22:20 -0700 hgweb: discard Content-Type header for 304 responses (issue5844) stable
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 Apr 2018 17:22:20 -0700] rev 37827
hgweb: discard Content-Type header for 304 responses (issue5844) A side-effect of 98baf8dea553 was that hgwebdir always sets a global default for the Content-Type header. HTTP 304 responses don't allow the Content-Type header. So a side-effect of this change was that HTTP 304 responses served via hgwebdir resulted in a ProgrammingError being raised. This commit teaches our 304 response issuing code to drop the Content-Type header. Differential Revision: https://phab.mercurial-scm.org/D3435
Mon, 30 Apr 2018 17:08:56 -0700 tests: add tests demonstrating ISE for HTTP 304 responses with hgwebdir stable
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 Apr 2018 17:08:56 -0700] rev 37826
tests: add tests demonstrating ISE for HTTP 304 responses with hgwebdir There are two separate failures here. One for the Content-Type header. Another for the Content-Security-Policy header. Differential Revision: https://phab.mercurial-scm.org/D3434
Fri, 27 Apr 2018 14:51:02 -0700 hgweb: guard against empty Content-Length header stable
Gregory Szorc <gregory.szorc@gmail.com> [Fri, 27 Apr 2018 14:51:02 -0700] rev 37825
hgweb: guard against empty Content-Length header Discussion in issue 5860 seems to indicate this can occur. Differential Revision: https://phab.mercurial-scm.org/D3432