Welcome to mirror list, hosted at ThFree Co, Russian Federation.

content_security_policy.rb « initializers « config - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/config/initializers/content_security_policy.rb
blob: f7c3f4e98b55c5db08c1eeb349e4ab5ae93eee8a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

# frozen_string_literal: true

csp_settings = Settings.gitlab.content_security_policy

csp_settings['enabled'] = Gitlab::ContentSecurityPolicy::ConfigLoader.default_enabled if csp_settings['enabled'].nil?
csp_settings['report_only'] = false if csp_settings['report_only'].nil?
csp_settings['directives'] ||= {}

if csp_settings['enabled']
  # See https://guides.rubyonrails.org/security.html#content-security-policy
  Rails.application.config.content_security_policy do |policy|
    loader = ::Gitlab::ContentSecurityPolicy::ConfigLoader.new(csp_settings['directives'].to_h)
    loader.load(policy)
  end

  Rails.application.config.content_security_policy_report_only = csp_settings['report_only']
  Rails.application.config.content_security_policy_nonce_generator = ->(request) { SecureRandom.base64(16) }
  Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 22:19:31 +0300