Welcome to mirror list, hosted at ThFree Co, Russian Federation.

google_analytics_csp.rb « concerns « controllers « app - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/concerns/google_analytics_csp.rb
blob: 4fffe298803f6b516a18b1e06cc60ca6419128ac (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

# frozen_string_literal: true

module GoogleAnalyticsCSP
  extend ActiveSupport::Concern

  included do
    content_security_policy do |policy|
      next unless helpers.google_tag_manager_enabled? || policy.directives.present?

      # Tag Manager with a Content Security Policy for Google Analytics 4
      # https://developers.google.com/tag-platform/security/guides/csp#google_analytics_4_google_analytics

      default_script_src = policy.directives['script-src'] || policy.directives['default-src']
      script_src_values = Array.wrap(default_script_src) | ['*.googletagmanager.com']
      policy.script_src(*script_src_values)

      default_img_src = policy.directives['img-src'] || policy.directives['default-src']
      img_src_values =
        Array.wrap(default_img_src) |
        [
          '*.google-analytics.com',
          '*.analytics.google.com',
          '*.googletagmanager.com',
          '*.g.doubleclick.net'
        ]
      policy.img_src(*img_src_values)

      default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
      connect_src_values =
        Array.wrap(default_connect_src) |
        [
          '*.google-analytics.com',
          '*.analytics.google.com',
          '*.googletagmanager.com',
          '*.g.doubleclick.net'
        ]
      policy.connect_src(*connect_src_values)
    end
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-28 05:43:10 +0300