author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-29 19:42:19 +0300 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-29 19:42:19 +0300 |
commit | d02a25c8704150b5ad0c516720ce625256f7cbac (patch) | |
tree | 597b3a8487abe246462951cdf1cfbf53aa0700be | |
parent | 751cb432aab9837d3174bcdb309fae765925c869 (diff) |
Add latest changes from gitlab-org/gitlab@16-1-stable-ee
-rw-r--r-- | app/controllers/concerns/kas_cookie.rb | 1 | ||||
-rw-r--r-- | spec/controllers/concerns/kas_cookie_spec.rb | 29 |
2 files changed, 29 insertions, 1 deletions
diff --git a/app/controllers/concerns/kas_cookie.rb b/app/controllers/concerns/kas_cookie.rb
index c66bf7c9e8c..06a4ee873f8 100644
--- a/app/controllers/concerns/kas_cookie.rb
+++ b/app/controllers/concerns/kas_cookie.rb
@@ -6,6 +6,7 @@ module KasCookie
 included do
 content_security_policy_with_context do |p|
 next unless ::Gitlab::Kas::UserAccess.enabled?
+ next unless Settings.gitlab.content_security_policy['enabled']
 kas_url = ::Gitlab::Kas.tunnel_url
 next if URI(kas_url).host == ::Gitlab.config.gitlab.host # already allowed, no need for exception
diff --git a/spec/controllers/concerns/kas_cookie_spec.rb b/spec/controllers/concerns/kas_cookie_spec.rb
index d80df106cfd..7ab48f12d83 100644
--- a/spec/controllers/concerns/kas_cookie_spec.rb
+++ b/spec/controllers/concerns/kas_cookie_spec.rb
@@ -56,6 +56,17 @@ RSpec.describe KasCookie, feature_category: :deployment_management do
 describe '#content_security_policy' do
 let_it_be(:user) { create(:user) }
+ let(:gitlab_config) do
+ Gitlab.config.gitlab.deep_merge(
+ {
+ 'host' => 'gitlab.example.com',
+ 'content_security_policy' => { 'enabled' => content_security_policy_enabled }
+ }
+ )
+ end
+
+ let(:content_security_policy_enabled) { true }
+
 controller(ApplicationController) do
 include KasCookie
@@ -65,7 +76,7 @@ RSpec.describe KasCookie, feature_category: :deployment_management do
 end
 before do
- stub_config_setting(host: 'gitlab.example.com')
+ stub_config_setting(gitlab_config)
 sign_in(user)
 allow(::Gitlab::Kas).to receive(:enabled?).and_return(true)
 allow(::Gitlab::Kas).to receive(:tunnel_url).and_return(kas_tunnel_url)
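Review bot: The new guard reads the CSP toggle through `Settings.gitlab.content_security_policy['enabled']`, while the very next context line reads the host through `::Gitlab.config.gitlab.host`; two access paths for the same configuration in one block is a style inconsistency and makes it easy to overlook that the spec only stubs `Gitlab.config.gitlab` (via `stub_config_setting(gitlab_config)` in the spec hunk), so I would align it as `next unless ::Gitlab.config.gitlab.content_security_policy['enabled']`. Whether the `content_security_policy` section is guaranteed to exist, so that `['enabled']` is never called on nil while the policy is being assembled, depends on the settings defaults, which are outside this diff; worth confirming rather than assuming. A short why-comment would also help the next reader, e.g. `# With CSP disabled no policy header is emitted, so there is no connect-src to extend for the KAS origin`. The `content_security_policy_with_context` block continues past the end of this hunk.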
@@ -108,6 +119,14 @@ RSpec.describe KasCookie, feature_category: :deployment_management do
 it 'adds KAS url to CSP connect-src directive' do
 expect(kas_csp_connect_src).to include(::Gitlab::Kas.tunnel_url)
 end
+
+ context 'when content_security_policy is disabled' do
+ let(:content_security_policy_enabled) { false }
+
+ it 'does not add KAS url to CSP connect-src directive' do
+ expect(kas_csp_connect_src).not_to include(::Gitlab::Kas.tunnel_url)
+ end
+ end
 end
 context 'when KAS tunnel url is configured without trailing slash' do
@@ -116,6 +135,14 @@ RSpec.describe KasCookie, feature_category: :deployment_management do
 it 'adds KAS url to CSP connect-src directive with trailing slash' do
 expect(kas_csp_connect_src).to include("#{::Gitlab::Kas.tunnel_url}/")
 end
+
+ context 'when content_security_policy is disabled' do
+ let(:content_security_policy_enabled) { false }
+
+ it 'does not add KAS url to CSP connect-src directive' do
+ expect(kas_csp_connect_src).not_to include("#{::Gitlab::Kas.tunnel_url}/")
+ end
+ end
 end
 end
 end
|
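Review bot: The disabled-CSP expectation in both new contexts (this hunk and the one at -116) only asserts that the KAS URL is absent from connect-src, which is vacuously satisfied if `kas_csp_connect_src` yields nil or an empty value once no policy is built; if that helper (defined outside these hunks) reads the response header, and disabling the setting is meant to suppress the policy entirely, the stronger assertion is that the header is absent, e.g. `expect(response.headers['Content-Security-Policy']).to be_nil`. The two added contexts are identical apart from the expected URL string, so a `shared_examples` block taking the URL would remove the duplication. The enclosing `describe` of the first hunk and the `context 'when KAS tunnel url is configured without trailing slash'` of the second begin outside the hunks' view.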