From d265408c26b6d4a6087df032b1928d142534d0a6 Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Wed, 7 Aug 2019 11:17:12 -0700
Subject: Add missing report-uri to CSP config

This is supported in Rails 5.2, although it may be deprecated in the future by reports-to.
---
 lib/gitlab/content_security_policy/config_loader.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/gitlab')

diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb
index b2f3345d33a..ff844645b11 100644
--- a/lib/gitlab/content_security_policy/config_loader.rb
+++ b/lib/gitlab/content_security_policy/config_loader.rb
@@ -5,7 +5,7 @@ module Gitlab
 class ConfigLoader
 DIRECTIVES = %w(base_uri child_src connect_src default_src font_src form_action frame_ancestors frame_src img_src manifest_src
- media_src object_src script_src style_src worker_src).freeze
+ media_src object_src report_uri script_src style_src worker_src).freeze
 def self.default_settings_hash
 {
-- 
cgit v1.2.3
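Review bot: `report_uri` is the only entry in `DIRECTIVES` that names a reporting endpoint rather than a source list, and the constant has no comment saying so. CSP violation reports carry the document URL, referrer and blocked URL, so the configured endpoint receives those values for every violation. A comment above the constant would make that visible to whoever edits the settings, for example `# report_uri takes a reporting endpoint, not a source list; reports include page and blocked URLs, so point it only at a collector you trust.` How the loader hands the configured value to the policy is outside this hunk, so whether it is checked to be a well-formed URI cannot be confirmed from here. The body of ConfigLoader continues past the hunk.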