aea5d3e2fd
For XSRF protection, the REST API requires a special header "X-Gerrit-Auth" containing a token known only to the JS running on the server's domain. Previously, this was set as a JS literal in a <script> tag directly in the output served at /. To support a purely static JS application, we can't depend on injecting JS literals into the body of /. Instead, provide the XSRF token via a cookie on the response for /. Note that this only affects how the server communicates the XSRF token to the client; we still require clients to send the token back in the X-Gerrit-Auth header. The server must ignore an XSRF token cookie sent by the client, since the cookie will be sent on all requests, including possibly-forged cross-site requests. As a minor optimization and to avoid confusion when looking at request traces, the client code discards the cookie as soon as it is stored in a JS variable. Change-Id: Ie24051b48186d6f85bccadfe139e2103b4228cbe |
||
---|---|---|
.settings | ||
bucklets | ||
contrib | ||
Documentation | ||
gerrit-acceptance-framework | ||
gerrit-acceptance-tests | ||
gerrit-antlr | ||
gerrit-cache-h2 | ||
gerrit-common | ||
gerrit-extension-api | ||
gerrit-gpg | ||
gerrit-gwtdebug | ||
gerrit-gwtexpui | ||
gerrit-gwtui | ||
gerrit-gwtui-common | ||
gerrit-httpd | ||
gerrit-launcher | ||
gerrit-lucene | ||
gerrit-main | ||
gerrit-oauth | ||
gerrit-openid | ||
gerrit-patch-commonsnet | ||
gerrit-patch-jgit | ||
gerrit-pgm | ||
gerrit-plugin-api | ||
gerrit-plugin-archetype | ||
gerrit-plugin-gwt-archetype | ||
gerrit-plugin-gwtui | ||
gerrit-plugin-js-archetype | ||
gerrit-prettify | ||
gerrit-reviewdb | ||
gerrit-server | ||
gerrit-sshd | ||
gerrit-util-cli | ||
gerrit-util-http | ||
gerrit-util-ssl | ||
gerrit-war | ||
lib | ||
plugins | ||
ReleaseNotes | ||
tools | ||
website/releases | ||
.buckconfig | ||
.buckversion | ||
.editorconfig | ||
.gitignore | ||
.gitmodules | ||
.mailmap | ||
.pydevproject | ||
.watchmanconfig | ||
BUCK | ||
COPYING | ||
INSTALL | ||
README.md | ||
SUBMITTING_PATCHES | ||
VERSION |
Gerrit Code Review
Gerrit is a code review and project management tool for Git based projects.
Objective
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
Documentation
For information about how to install and use Gerrit, refer to the documentation.
Source
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Reporting bugs
Please report bugs on the issue tracker.
Contribute
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
Getting in contact
The IRC channel on freenode is #gerrit. An archive is available at: echelog.com.
The Developer Mailing list is repo-discuss on Google Groups.
License
Gerrit is provided under the Apache License 2.0.
Build
Install Buck and run the following:
git clone --recursive https://gerrit.googlesource.com/gerrit
cd gerrit && buck build all
Install binary packages (Deb/Rpm)
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update & apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.
Events
- November 7-8 2015: Gerrit User Conference, Mountain View. (Register).
- November 9-13 2015: Gerrit Hackathon, Mountain View. (Invitation Only).
- March 2016: Gerrit Hackathon, Berlin. (Details to be confirmed).