Diffstat (limited to 'lib/api/api.rb')
-rw-r--r-- | lib/api/api.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb
index 8827371546c..e4158eee37f 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -22,6 +22,7 @@ module API
 Gitlab::GrapeLogging::Loggers::ClientEnvLogger.new,
 Gitlab::GrapeLogging::Loggers::RouteLogger.new,
 Gitlab::GrapeLogging::Loggers::UserLogger.new,
+ Gitlab::GrapeLogging::Loggers::TokenLogger.new,
 Gitlab::GrapeLogging::Loggers::ExceptionLogger.new,
 Gitlab::GrapeLogging::Loggers::QueueDurationLogger.new,
 Gitlab::GrapeLogging::Loggers::PerfLogger.new,
@@ -47,6 +48,12 @@ module API
 before do
 header['X-Frame-Options'] = 'SAMEORIGIN'
 header['X-Content-Type-Options'] = 'nosniff'
+
+ if Rails.application.config.content_security_policy && !Rails.application.config.content_security_policy_report_only
+ policy = ActionDispatch::ContentSecurityPolicy.new { |p| p.default_src :none }
+ end
+
+ request.env[ActionDispatch::ContentSecurityPolicy::Request::POLICY] = policy
 end

 before do
|
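Review bot: The new TokenLogger entry in the first hunk is added to the request-log pipeline without any note on what it emits, and this logger list is where a secret would leak into logs if the logger ever wrote the token value rather than an identifier. Nothing in this hunk shows TokenLogger's implementation, so this is a point to confirm rather than a defect I can see; a one-line comment above the entry would make the contract visible to the next person editing the list, e.g. `# Logs token metadata (type/id) for auditing; the token value itself must never reach the log.` The logger array continues outside the hunk on both sides.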
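Review bot: In the second hunk, `policy` is only assigned inside the `if`, so whenever CSP is unset or report-only the final line stores `nil` under `ActionDispatch::ContentSecurityPolicy::Request::POLICY`; if that key is where Rails carries the application-wide policy into the CSP middleware (as I believe it is), API responses then get no Content-Security-Policy header at all, including no report-only header, which reads as deliberate but is undocumented. The intent should be stated next to the assignment, e.g. `# Enforced app CSP: replace it with default-src 'none' for API responses. Otherwise (no CSP, or report-only): clear the inherited policy so none is emitted for API responses.` Relying on Ruby hoisting `policy` to nil from the un-taken branch is also easy to misread; `policy = nil` before the `if`, or `policy = ... if ...` as a single expression, would make the fall-through explicit. The surrounding `before` block closes inside the hunk, but `module API` continues beyond it.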