Add the CSP reporting URI of Sentry.

author: Connor Shea <connor.james.shea@gmail.com> 2016-07-05 23:20:50 +0300
committer: Connor Shea <connor.james.shea@gmail.com> 2016-07-18 20:43:35 +0300
commit: e0ffbf0edb7bdda290225259945e0fb6e7b270bb (patch)
tree: ca583be0832d87c9ad1cd2412dd50b191ffb94ef
parent: e5d6f33378c302bc65b5637dfeff9d5a852647d5 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 3788dbf9473..66aca5fb46b 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -1,3 +1,10 @@
+require 'gitlab/current_settings'
+include Gitlab::CurrentSettings
+
+uri = URI.parse(current_application_settings.sentry_dsn)
+
+CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
+
 SecureHeaders::Configuration.default do |config|
   config.cookies = {
     secure: true, # mark all cookies as "Secure"
@@ -33,6 +40,6 @@ SecureHeaders::Configuration.default do |config|
     frame_ancestors: %w('none'),
     block_all_mixed_content: true, # see http://www.w3.org/TR/mixed-content/
     upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
-    report_uri: %w('')
+    report_uri: %W(#{CSP_REPORT_URI})
   }
 end
author	Connor Shea <connor.james.shea@gmail.com>	2016-07-05 23:20:50 +0300
committer	Connor Shea <connor.james.shea@gmail.com>	2016-07-18 20:43:35 +0300
commit	e0ffbf0edb7bdda290225259945e0fb6e7b270bb (patch)
tree	ca583be0832d87c9ad1cd2412dd50b191ffb94ef
parent	e5d6f33378c302bc65b5637dfeff9d5a852647d5 (diff)