Diffstat (limited to 'lib/gitlab/content_security_policy/config_loader.rb')
-rw-r--r--lib/gitlab/content_security_policy/config_loader.rb9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb
index 574a7dceaa4..8648ffe5f49 100644
--- a/lib/gitlab/content_security_policy/config_loader.rb
+++ b/lib/gitlab/content_security_policy/config_loader.rb
@@ -7,6 +7,8 @@ module Gitlab
form_action frame_ancestors frame_src img_src manifest_src
media_src object_src report_uri script_src style_src worker_src).freeze
+ DEFAULT_FALLBACK_VALUE = '<default_value>'
+
def self.default_enabled
Rails.env.development? || Rails.env.test?
end
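Review bot: `DEFAULT_FALLBACK_VALUE = '<default_value>'` is added with no comment, so a reader of the constant list has to find the `initialize` body further down to learn that it is a sentinel operators put into the CSP configuration rather than a source expression that ends up in the header. A one-line comment above it would carry that contract: `# Sentinel an operator can set a directive to; such entries are dropped so the default_directives value for that directive applies instead.`. The enclosing module and class continue outside this hunk.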
@@ -62,8 +64,10 @@ module Gitlab
end
def initialize(csp_directives)
+ # Using <default_value> falls back to the default values.
+ directives = csp_directives.reject { |_, value| value == DEFAULT_FALLBACK_VALUE }
@merged_csp_directives =
- HashWithIndifferentAccess.new(csp_directives)
+ HashWithIndifferentAccess.new(directives)
.reverse_merge(::Gitlab::ContentSecurityPolicy::ConfigLoader.default_directives)
end
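Review bot: `csp_directives.reject { ... }` raises NoMethodError when `csp_directives` is nil, whereas the replaced `HashWithIndifferentAccess.new(csp_directives)` accepted nil and yielded an empty hash, so if any caller can pass a missing `directives` setting through as nil this is a regression; `directives = csp_directives.to_h.reject { |_, value| value == DEFAULT_FALLBACK_VALUE }` keeps the old tolerance since `nil.to_h` is `{}`. The comparison is also exact, so a configured value that differs from `'<default_value>'` only by surrounding whitespace is not treated as the sentinel and is emitted verbatim into the header as an invalid source expression; `value.to_s.strip == DEFAULT_FALLBACK_VALUE` would be more forgiving if that matches how the setting is documented. The added comment could name the constant instead of the literal: `# Directives set to DEFAULT_FALLBACK_VALUE fall back to default_directives.`.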
@@ -134,9 +138,8 @@ module Gitlab
def self.allow_sentry(directives)
sentry_dsn = Gitlab.config.sentry.clientside_dsn
sentry_uri = URI(sentry_dsn)
- sentry_uri.user = nil
- append_to_directive(directives, 'connect_src', sentry_uri.to_s)
+ append_to_directive(directives, 'connect_src', "#{sentry_uri.scheme}://#{sentry_uri.host}")
end
def self.allow_letter_opener(directives)
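Review bot: The new `connect_src` value `"#{sentry_uri.scheme}://#{sentry_uri.host}"` drops the port that the previous `sentry_uri.to_s` form retained, and a CSP host-source without a port matches only the scheme's default port, so a self-hosted Sentry reached through a DSN on a non-default port (constructed example: `https://key@sentry.example.com:9000/42`) would have its browser-side reports blocked by the policy. Keeping the port when it is not the default avoids that: `origin = "#{sentry_uri.scheme}://#{sentry_uri.host}"`, `origin << ":#{sentry_uri.port}" if sentry_uri.port != sentry_uri.default_port`, then `append_to_directive(directives, 'connect_src', origin)`. `sentry_uri.host` is nil for a DSN without an authority, which would produce `https://`; whether the caller already validates the DSN before calling `allow_sentry` is not visible here.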