Skip to content
GitLab
Explore
Sign in
Register
Open
0
Merged
20
Closed
0
All
20
Recent searches
Loading
{{ formattedKey }}
{{ title }}
{{ help }}
{{name}}
@{{username}}
None
Any
{{name}}
@{{username}}
None
Any
{{name}}
@{{username}}
None
Any
{{name}}
@{{username}}
None
Any
{{name}}
@{{username}}
{{name}}
@{{username}}
None
Any
Upcoming
Started
{{title}}
None
Any
{{title}}
None
Any
{{title}}
None
Any
{{name}}
Yes
No
Yes
No
{{title}}
{{title}}
{{title}}
Created date
security: enable public access of our GraphQL/Search/etc APIs from any domain/origin
!28775
· created
Dec 09, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Jan 04, 2022
security: update CSRF security model to indicate window.context is unprivileged
!28773
· created
Dec 09, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Dec 09, 2021
security: remove our CSRF tokens to improve security and reduce complexity of our threat model
!28572
· created
Dec 03, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Dec 06, 2021
security: add CSRF security model diagrams
!27937
· created
Nov 18, 2021
by
Administrator
main
cla-signed
security
Merged
updated
Dec 15, 2021
security: harden which cross-origin headers are allowed
!27931
· created
Nov 18, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Dec 03, 2021
security: remove our CSRF tokens to improve security and reduce complexity of our threat model
!27780
· created
Nov 16, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
2
updated
Nov 18, 2021
security: make session cookie authentication stricter
!27313
· created
Nov 09, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
1
updated
Nov 16, 2021
security: document and explain session CSRF safety better
!27303
· created
Nov 09, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Nov 09, 2021
security: improve clarity of CORS docstrings
!27298
· created
Nov 09, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Nov 09, 2021
security: remove duplicated code in CORS handling
!27297
· created
Nov 09, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Nov 09, 2021
security: improve readability of CORS handling
!27295
· created
Nov 09, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Nov 09, 2021
security: make CORS enforcement of non-API routes even more strict
!27246
· created
Nov 08, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
updated
Nov 09, 2021
security: enable handling CORS policies differently for API and non-API routes
!27240
· created
Nov 08, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
1
updated
Nov 09, 2021
security: update CSRF threat model to reflect a manual audit
!27236
· created
Nov 08, 2021
by
Administrator
main
apidocs
cla-signed
security
Merged
4
updated
Nov 09, 2021
user: allow getting `accountData` of external accounts
!20979
· created
May 14, 2021
by
Administrator
main
security
team/core-application
ux
Merged
updated
May 14, 2021
Add MountedKey encryption.Key implementation
!19613
· created
Mar 31, 2021
by
Administrator
main
security
team/core-application
Merged
4
updated
Apr 01, 2021
Add internal docs for the encryption package
!19355
· created
Mar 23, 2021
by
Administrator
main
security
team/core-application
Merged
12
updated
Mar 24, 2021
frontend: Disable directory listing of /.assets
!18271
· created
Feb 13, 2021
by
Administrator
main
security
team/core-application
Merged
updated
Feb 13, 2021
add keyring.Key implementation for GCloud KMS
!18207
· created
Feb 12, 2021
by
Administrator
main
security
team/core-application
Merged
16
updated
Feb 15, 2021
Add keyring package for encryption key interface
!18108
· created
Feb 09, 2021
by
Administrator
main
security
team/core-application
Merged
3
updated
Feb 10, 2021