
zuora_csp.rb « concerns « controllers « app - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
# frozen_string_literal: true

# Controller concern that widens the Content Security Policy of any controller
# that includes it, so that resources served from Zuora hosts can be loaded as
# scripts and frames.
#
# Security notes for reviewers:
# - script-src gains 'unsafe-eval', which lets pages rendered by the including
#   controller run eval()-style string-to-code evaluation. That weakens the
#   XSS protection CSP normally provides, so include this concern only in the
#   controllers that actually need it.
# - ZUORA_URL is a wildcard: every subdomain of zuora.com is trusted as a
#   script, frame and child source.
# - When the policy has no directives at all, nothing is added, so the concern
#   never creates a CSP on its own.
module ZuoraCSP
  extend ActiveSupport::Concern

  # Wildcard host-source expression appended to script-src, frame-src and child-src.
  ZUORA_URL = 'https://*.zuora.com'

  included do
    content_security_policy do |policy|
      configured = policy.directives
      next if configured.blank?

      # Once a directive is set explicitly the browser stops falling back to
      # default-src for it, so the default-src sources are carried over whenever
      # the specific directive is not configured yet.
      fallback = configured['default-src']
      widen = lambda do |directive, additions|
        # Array#| is a set union: existing sources keep their order and
        # entries that are already present are not duplicated.
        Array.wrap(configured[directive] || fallback) | additions
      end

      # All three lists are computed before any directive is written back.
      script_sources = widen.call('script-src', ["'self'", "'unsafe-eval'", ZUORA_URL])
      frame_sources = widen.call('frame-src', ["'self'", ZUORA_URL])
      child_sources = widen.call('child-src', ["'self'", ZUORA_URL])

      policy.script_src(*script_sources)
      policy.frame_src(*frame_sources)
      policy.child_src(*child_sources)
    end
  end
end