blob: fafd426da7aa748ddc5293d1afa9a1c2b7262723 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
# frozen_string_literal: true
module KasCookie
extend ActiveSupport::Concern
included do
content_security_policy_with_context do |p|
next unless ::Gitlab::Kas::UserAccess.enabled?
next unless Settings.gitlab.content_security_policy['enabled']
next if URI(kas_url).host == ::Gitlab.config.gitlab.host # already allowed, no need for exception
p.connect_src(*Array.wrap(p.directives['connect-src']), kas_ws_url.sub(%r{/?$}, '/'))
p.connect_src(*Array.wrap(p.directives['connect-src']), kas_url.sub(%r{/?$}, '/'))
end
end
def set_kas_cookie
return unless ::Gitlab::Kas::UserAccess.enabled?
public_session_id = Gitlab::Session.current&.id&.public_id
return unless public_session_id
cookie_data = ::Gitlab::Kas::UserAccess.cookie_data(public_session_id)
cookies[::Gitlab::Kas::COOKIE_KEY] = cookie_data
end
private
def kas_url
::Gitlab::Kas.tunnel_url
end
def kas_ws_url
::Gitlab::Kas.tunnel_ws_url
end
end
|