Commit d1422c4b authored by Dylan Griffith's avatar Dylan Griffith

Merge branch 'csp-sentry' into 'master'

Modify CSP when Sentry is configured

See merge request gitlab-org/gitlab!67791
parents 8e186283 1081915a
......@@ -38,6 +38,7 @@ module Gitlab
allow_webpack_dev_server(settings_hash) if Rails.env.development?
allow_cdn(settings_hash, cdn_host) if cdn_host.present?
allow_customersdot(settings_hash) if Rails.env.development? && ENV['CUSTOMER_PORTAL_URL'].present?
allow_sentry(settings_hash) if Gitlab.config.sentry&.enabled && Gitlab.config.sentry&.clientside_dsn
settings_hash
end
......@@ -90,6 +91,14 @@ module Gitlab
append_to_directive(settings_hash, 'frame_src', customersdot_host)
end
def self.allow_sentry(settings_hash)
sentry_dsn = Gitlab.config.sentry.clientside_dsn
sentry_uri = URI(sentry_dsn)
sentry_uri.user = nil
append_to_directive(settings_hash, 'connect_src', sentry_uri.to_s)
end
end
end
end
......@@ -61,6 +61,18 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
end
end
context 'when sentry is configured' do
before do
stub_sentry_settings
end
it 'adds sentry path to CSP without user' do
directives = settings['directives']
expect(directives['connect_src']).to eq("'self' dummy://example.com/43")
end
end
context 'when CUSTOMER_PORTAL_URL is set' do
before do
stub_env('CUSTOMER_PORTAL_URL', 'https://customers.example.com')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment