diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 18:40:28 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 18:40:28 +0300 |
commit | b595cb0c1dec83de5bdee18284abe86614bed33b (patch) | |
tree | 8c3d4540f193c5ff98019352f554e921b3a41a72 /app/controllers/jira_connect | |
parent | 2f9104a328fc8a4bddeaa4627b595166d24671d0 (diff) |
Add latest changes from gitlab-org/gitlab@15-2-stable-eev15.2.0-rc42
Diffstat (limited to 'app/controllers/jira_connect')
-rw-r--r-- | app/controllers/jira_connect/oauth_application_ids_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/jira_connect/subscriptions_controller.rb | 8 |
2 files changed, 16 insertions, 1 deletions
diff --git a/app/controllers/jira_connect/oauth_application_ids_controller.rb b/app/controllers/jira_connect/oauth_application_ids_controller.rb index 05c23210da2..a84b47f4c8b 100644 --- a/app/controllers/jira_connect/oauth_application_ids_controller.rb +++ b/app/controllers/jira_connect/oauth_application_ids_controller.rb @@ -5,9 +5,10 @@ module JiraConnect feature_category :integrations skip_before_action :authenticate_user! + skip_before_action :verify_authenticity_token def show - if Feature.enabled?(:jira_connect_oauth_self_managed) && jira_connect_application_key.present? + if show_application_id? render json: { application_id: jira_connect_application_key } else head :not_found @@ -16,6 +17,12 @@ module JiraConnect private + def show_application_id? + return if Gitlab.com? + + Feature.enabled?(:jira_connect_oauth_self_managed) && jira_connect_application_key.present? + end + def jira_connect_application_key Gitlab::CurrentSettings.jira_connect_application_key.presence end diff --git a/app/controllers/jira_connect/subscriptions_controller.rb b/app/controllers/jira_connect/subscriptions_controller.rb index 2ba9f8264e1..623113f8413 100644 --- a/app/controllers/jira_connect/subscriptions_controller.rb +++ b/app/controllers/jira_connect/subscriptions_controller.rb @@ -25,6 +25,7 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController before_action :allow_rendering_in_iframe, only: :index before_action :verify_qsh_claim!, only: :index + before_action :allow_self_managed_content_security_policy, only: :index before_action :authenticate_user!, only: :create def index @@ -62,6 +63,13 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController private + def allow_self_managed_content_security_policy + return unless current_jira_installation.instance_url? + + request.content_security_policy.directives['connect-src'] ||= [] + request.content_security_policy.directives['connect-src'] << Gitlab::Utils.append_path(current_jira_installation.instance_url, '/-/jira_connect/oauth_application_ids') + end + def create_service JiraConnectSubscriptions::CreateService.new(current_jira_installation, current_user, namespace_path: params['namespace_path'], jira_user: jira_user) end |