Commit 76e78fca authored by Robert Speicher's avatar Robert Speicher

Revert "Merge branch 'remove-csp-sentry-reporting' into 'master'

This reverts commit 79b02e40, reversing
changes made to f2cd21e8.
parent b5ef5cc6
...@@ -4,7 +4,14 @@ ...@@ -4,7 +4,14 @@
require 'gitlab/current_settings' require 'gitlab/current_settings'
include Gitlab::CurrentSettings include Gitlab::CurrentSettings
CSP_REPORT_URI = '' # If Sentry is enabled and the Rails app is running in production mode,
# this will construct the Report URI for Sentry.
if Rails.env.production? && current_application_settings.sentry_enabled
uri = URI.parse(current_application_settings.sentry_dsn)
CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
else
CSP_REPORT_URI = ''
end
# Content Security Policy Headers # Content Security Policy Headers
# For more information on CSP see: # For more information on CSP see:
...@@ -64,7 +71,10 @@ SecureHeaders::Configuration.default do |config| ...@@ -64,7 +71,10 @@ SecureHeaders::Configuration.default do |config|
upgrade_insecure_requests: true upgrade_insecure_requests: true
} }
# Reports are sent to Sentry if it's enabled.
if current_application_settings.sentry_enabled
config.csp[:report_uri] = %W(#{CSP_REPORT_URI}) config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
end
# Allow Bootstrap Linter in development mode. # Allow Bootstrap Linter in development mode.
if Rails.env.development? if Rails.env.development?
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment