Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-06-16 21:25:58 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-06-16 21:25:58 +0300
commit: a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch)
tree: fb69158581673816a8cd895f9d352dcb3c678b1e /lib/gitlab/content_security_policy
parent: d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb
index e42b174e085..d7b31946ab0 100644
--- a/lib/gitlab/content_security_policy/config_loader.rb
+++ b/lib/gitlab/content_security_policy/config_loader.rb
@@ -24,7 +24,7 @@ module Gitlab
             'media_src' => "'self'",
             'script_src' => "'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com",
             'style_src' => "'self' 'unsafe-inline'",
-            'worker_src' => "'self'",
+            'worker_src' => "'self' blob: data:",
             'object_src' => "'none'",
             'report_uri' => nil
           }
@@ -79,6 +79,7 @@ module Gitlab
 
         append_to_directive(settings_hash, 'script_src', cdn_host)
         append_to_directive(settings_hash, 'style_src', cdn_host)
+        append_to_directive(settings_hash, 'font_src', cdn_host)
       end
 
       def self.append_to_directive(settings_hash, directive, text)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-06-16 21:25:58 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-06-16 21:25:58 +0300
commit	a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch)
tree	fb69158581673816a8cd895f9d352dcb3c678b1e /lib/gitlab/content_security_policy
parent	d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff)