From e0ffbf0edb7bdda290225259945e0fb6e7b270bb Mon Sep 17 00:00:00 2001
From: Connor Shea
Date: Tue, 5 Jul 2016 14:20:50 -0600
Subject: Add the CSP reporting URI of Sentry.
---
 config/initializers/secure_headers.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'config')
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 3788dbf9473..66aca5fb46b 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -1,3 +1,10 @@
+require 'gitlab/current_settings'
+include Gitlab::CurrentSettings
+
+uri = URI.parse(current_application_settings.sentry_dsn)
+
+CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
+
 SecureHeaders::Configuration.default do |config|
 config.cookies = {
 secure: true, # mark all cookies as "Secure"
@@ -33,6 +40,6 @@ SecureHeaders::Configuration.default do |config|
 frame_ancestors: %w('none'),
 block_all_mixed_content: true, # see http://www.w3.org/TR/mixed-content/
 upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
- report_uri: %w('')
+ report_uri: %W(#{CSP_REPORT_URI})
 }
 end
--
cgit v1.2.3
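Review bot: `URI.parse(current_application_settings.sentry_dsn)` runs unconditionally when this initializer loads, so an instance with no Sentry DSN configured passes nil or an empty string to the parser: nil most likely raises and aborts boot, and an empty string yields a nil scheme and host, so `CSP_REPORT_URI` becomes `:///api/csp-report/?sentry_key=`. The string is also built from `uri.host` alone, which drops a non-default port for a self-hosted Sentry. I would guard on a blank DSN and carry the port, as below; the `report_uri:` line in the second hunk then has to accept a nil constant, for example `Array(CSP_REPORT_URI)` if secure_headers tolerates an empty list there (to be confirmed). Separately, the settings lookup presumably reads the database, which may not be reachable when initializers run during tasks such as asset precompilation.

```ruby
# … unchanged: require 'gitlab/current_settings' and include Gitlab::CurrentSettings …

dsn = current_application_settings.sentry_dsn.to_s.strip

# nil when Sentry is not configured, so no malformed report endpoint is advertised.
CSP_REPORT_URI =
  if dsn.empty?
    nil
  else
    uri = URI.parse(dsn)
    # Keep an explicit port; a self-hosted Sentry may not listen on the scheme default.
    port = uri.port && uri.port != uri.default_port ? ":#{uri.port}" : ''
    "#{uri.scheme}://#{uri.host}#{port}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
  end
```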
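Review bot: The new `report_uri:` line carries no comment saying that this value goes out in the Content-Security-Policy header of every response, so whatever ends up in `CSP_REPORT_URI` is readable by every client. I would add `# sent to every browser: only the DSN's public key (uri.user) may appear here, never uri.password` above it, since a Sentry DSN can also carry a secret in the password position. The value would read more plainly as `[CSP_REPORT_URI]`, which produces the same one-element array as `%W(#{CSP_REPORT_URI})` without the interpolation. The enclosing hash and the `default do |config|` block open outside this hunk.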