Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/concerns/zuora_csp.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/concerns/zuora_csp.rb')
-rw-r--r--app/controllers/concerns/zuora_csp.rb26
1 files changed, 26 insertions, 0 deletions
diff --git a/app/controllers/concerns/zuora_csp.rb b/app/controllers/concerns/zuora_csp.rb
new file mode 100644
index 00000000000..5f9be11d7b9
--- /dev/null
+++ b/app/controllers/concerns/zuora_csp.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module ZuoraCSP
+ extend ActiveSupport::Concern
+
+ ZUORA_URL = 'https://*.zuora.com'
+
+ included do
+ content_security_policy do |policy|
+ next if policy.directives.blank?
+
+ default_script_src = policy.directives['script-src'] || policy.directives['default-src']
+ script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", ZUORA_URL]
+
+ default_frame_src = policy.directives['frame-src'] || policy.directives['default-src']
+ frame_src_values = Array.wrap(default_frame_src) | ["'self'", ZUORA_URL]
+
+ default_child_src = policy.directives['child-src'] || policy.directives['default-src']
+ child_src_values = Array.wrap(default_child_src) | ["'self'", ZUORA_URL]
+
+ policy.script_src(*script_src_values)
+ policy.frame_src(*frame_src_values)
+ policy.child_src(*child_src_values)
+ end
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-16 10:38:42 +0300