author | Ash McKenzie <amckenzie@gitlab.com> | 2019-08-07 08:03:05 +0300 |
committer | Ash McKenzie <amckenzie@gitlab.com> | 2019-08-07 08:03:05 +0300 |
commit | 6cafa7002738f33c212b9f72d9b0f66b386c6faf (patch) | |
tree | d156193d59dcda4f3e2e3e20d805884fcb956278 /lib/gitlab | |
parent | 3f392969902e91f8ace18891544e9357a69bfd08 (diff) | |
parent | 5fbbd3dd6e965f76ecf1767373bddd236a78a4be (diff) |
Merge branch 'sh-support-csp-nonce' into 'master'
Add support for Content-Security-Policy
Closes #65330
See merge request gitlab-org/gitlab-ce!31402
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/content_security_policy/config_loader.rb | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb
new file mode 100644
index 00000000000..b2f3345d33a
--- /dev/null
+++ b/lib/gitlab/content_security_policy/config_loader.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module ContentSecurityPolicy
+    class ConfigLoader
+      DIRECTIVES = %w(base_uri child_src connect_src default_src font_src
+                      form_action frame_ancestors frame_src img_src manifest_src
+                      media_src object_src script_src style_src worker_src).freeze
+
+      def self.default_settings_hash
+        {
+          'enabled' => false,
+          'report_only' => false,
+          'directives' => DIRECTIVES.each_with_object({}) { |directive, hash| hash[directive] = nil }
+        }
+      end
+
+      def initialize(csp_directives)
+        @csp_directives = HashWithIndifferentAccess.new(csp_directives)
+      end
+
+      def load(policy)
+        DIRECTIVES.each do |directive|
+          arguments = arguments_for(directive)
+
+          next unless arguments.present?
+
+          policy.public_send(directive, *arguments) # rubocop:disable GitlabSecurity/PublicSend
+        end
+      end
+
+      private
+
+      def arguments_for(directive)
+        arguments = @csp_directives[directive.to_s]
+
+        return unless arguments.present? && arguments.is_a?(String)
+
+        arguments.strip.split(' ').map(&:strip)
+      end
+    end
+  end
+end
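Review bot: A directive whose configured value is not a String — e.g. an operator writing `script_src: ['self', 'https://cdn.example']` as a YAML list — is silently dropped by the `arguments.is_a?(String)` guard in `arguments_for`, so that directive is simply absent from the emitted policy with no log line or boot-time error, which is the kind of misconfiguration that quietly weakens a security header. Since this loader runs on trusted deployment config rather than request input, failing loudly is the right behaviour: accept String or Array and raise `ArgumentError` for anything else, so the problem surfaces at startup instead of in an audit. Note also that Ruby's `split(' ')` already splits on whitespace runs and discards leading/trailing blanks, so the surrounding `strip` calls are redundant. The `public_send` in `load` is acceptable as written because the method name always comes from the frozen `DIRECTIVES` allowlist, never from the config hash; a one-line comment saying so next to the rubocop disable would keep future readers from "fixing" it.

```ruby
      def arguments_for(directive)
        arguments = @csp_directives[directive.to_s]

        return if arguments.blank?

        values =
          case arguments
          when String then arguments.split
          when Array then arguments.map(&:to_s)
          else
            raise ArgumentError,
                  "CSP directive #{directive} must be a string or list of sources, got #{arguments.class}"
          end

        values.map(&:strip).reject(&:empty?)
      end
```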