
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorConnor Shea <connor.james.shea@gmail.com>2016-07-05 23:20:50 +0300
committerConnor Shea <connor.james.shea@gmail.com>2016-07-18 20:43:35 +0300
commite0ffbf0edb7bdda290225259945e0fb6e7b270bb (patch)
treeca583be0832d87c9ad1cd2412dd50b191ffb94ef
parente5d6f33378c302bc65b5637dfeff9d5a852647d5 (diff)
Add the CSP reporting URI of Sentry.
-rw-r--r--config/initializers/secure_headers.rb9
1 files changed, 8 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 3788dbf9473..66aca5fb46b 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -1,3 +1,10 @@
+require 'gitlab/current_settings'
+include Gitlab::CurrentSettings
+
+uri = URI.parse(current_application_settings.sentry_dsn)
+
+CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
+
SecureHeaders::Configuration.default do |config|
config.cookies = {
secure: true, # mark all cookies as "Secure"
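Review bot: `URI.parse(current_application_settings.sentry_dsn)` runs unconditionally at load time, so an instance with no Sentry DSN configured either raises during boot (nil) or builds a report URI with an empty scheme, host and key (blank string), which the second hunk then puts into the header. The DSN should be checked before parsing, and the constant left nil when it is absent; the `report_uri` line in the second hunk would then need to skip a nil value. The rebuilt URL also drops `uri.port`, so a Sentry server on a non-default port would never receive the reports. Only `uri.user` is copied into the URL, which keeps the DSN's password component out of a header every browser sees; a short comment saying that this is deliberate would help the next editor. The `SecureHeaders::Configuration.default` block continues outside this hunk.

```ruby
sentry_dsn = current_application_settings.sentry_dsn

# Only the DSN's user part (public key) goes into the report URI; the
# password part must never be sent to browsers.
CSP_REPORT_URI =
  if sentry_dsn.present?
    uri = URI.parse(sentry_dsn)
    "#{uri.scheme}://#{uri.host}:#{uri.port}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
  end
# … unchanged: SecureHeaders::Configuration.default block …
```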
@@ -33,6 +40,6 @@ SecureHeaders::Configuration.default do |config|
frame_ancestors: %w('none'),
block_all_mixed_content: true, # see http://www.w3.org/TR/mixed-content/
upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
- report_uri: %w('')
+ report_uri: %W(#{CSP_REPORT_URI})
}
end
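Review bot: `report_uri: %W(#{CSP_REPORT_URI})` takes its value from a constant computed once when the initializer loads, so if the Sentry DSN can be edited in the application settings at runtime, the CSP header will presumably keep pointing at the old endpoint until the process restarts; a comment on this line stating that would save an operator some confusion. As a point of style, a one-element `%W` with interpolation reads less clearly than `report_uri: [CSP_REPORT_URI]`. The configuration block starts outside this hunk.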