Revert "Merge branch 'remove-csp-sentry-reporting' into 'master'

This reverts commit 79b02e40, reversing changes made to f2cd21e8.

Revert "Merge branch 'remove-csp-sentry-reporting' into 'master'
76e78fca · Robert Speicher · b5ef5cc6 · 76e78fca
Commit 76e78fca authored Jul 20, 2016 by Robert Speicher
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 2 deletions

secure_headers.rb config/initializers/secure_headers.rb +12 -2

No files found.
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -4,7 +4,14 @@
 require 'gitlab/current_settings'
 include Gitlab::CurrentSettings
-CSP_REPORT_URI = ''
+# If Sentry is enabled and the Rails app is running in production mode,
+# this will construct the Report URI for Sentry.
+if Rails.env.production? && current_application_settings.sentry_enabled
+  uri = URI.parse(current_application_settings.sentry_dsn)
+  CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
+else
+  CSP_REPORT_URI = ''
+end
 # Content Security Policy Headers
 # For more information on CSP see:
@@ -64,7 +71,10 @@ SecureHeaders::Configuration.default do |config|
    upgrade_insecure_requests: true
  }
-  config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
+  # Reports are sent to Sentry if it's enabled.
+  if current_application_settings.sentry_enabled
+    config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
+  end
  # Allow Bootstrap Linter in development mode.
  if Rails.env.development?