BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
76e78fca
Commit
76e78fca
authored
Jul 20, 2016
by
Robert Speicher
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Revert "Merge branch 'remove-csp-sentry-reporting' into 'master'
This reverts commit
79b02e40
, reversing changes made to
f2cd21e8
.
parent
b5ef5cc6
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
11 additions
and
1 deletion
+11
-1
secure_headers.rb
config/initializers/secure_headers.rb
+11
-1
No files found.
config/initializers/secure_headers.rb
View file @
76e78fca
...
@@ -4,7 +4,14 @@
...
@@ -4,7 +4,14 @@
require
'gitlab/current_settings'
require
'gitlab/current_settings'
include
Gitlab
::
CurrentSettings
include
Gitlab
::
CurrentSettings
CSP_REPORT_URI
=
''
# If Sentry is enabled and the Rails app is running in production mode,
# this will construct the Report URI for Sentry.
if
Rails
.
env
.
production?
&&
current_application_settings
.
sentry_enabled
uri
=
URI
.
parse
(
current_application_settings
.
sentry_dsn
)
CSP_REPORT_URI
=
"
#{
uri
.
scheme
}
://
#{
uri
.
host
}
/api
#{
uri
.
path
}
/csp-report/?sentry_key=
#{
uri
.
user
}
"
else
CSP_REPORT_URI
=
''
end
# Content Security Policy Headers
# Content Security Policy Headers
# For more information on CSP see:
# For more information on CSP see:
...
@@ -64,7 +71,10 @@ SecureHeaders::Configuration.default do |config|
...
@@ -64,7 +71,10 @@ SecureHeaders::Configuration.default do |config|
upgrade_insecure_requests:
true
upgrade_insecure_requests:
true
}
}
# Reports are sent to Sentry if it's enabled.
if
current_application_settings
.
sentry_enabled
config
.
csp
[
:report_uri
]
=
%W(
#{
CSP_REPORT_URI
}
)
config
.
csp
[
:report_uri
]
=
%W(
#{
CSP_REPORT_URI
}
)
end
# Allow Bootstrap Linter in development mode.
# Allow Bootstrap Linter in development mode.
if
Rails
.
env
.
development?
if
Rails
.
env
.
development?
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment