author | Connor Shea <connor.james.shea@gmail.com> | 2016-07-05 14:20:50 -0600 |
---|---|---|
committer | Connor Shea <connor.james.shea@gmail.com> | 2016-07-18 11:43:35 -0600 |
commit | e0ffbf0edb7bdda290225259945e0fb6e7b270bb (patch) | |
tree | ca583be0832d87c9ad1cd2412dd50b191ffb94ef /config | |
parent | e5d6f33378c302bc65b5637dfeff9d5a852647d5 (diff) | |
download | gitlab-ce-e0ffbf0edb7bdda290225259945e0fb6e7b270bb.tar.gz |
Add the CSP reporting URI of Sentry.
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/secure_headers.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 3788dbf9473..66aca5fb46b 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -1,3 +1,10 @@
+require 'gitlab/current_settings'
+include Gitlab::CurrentSettings
+
+uri = URI.parse(current_application_settings.sentry_dsn)
+
+CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
+
 SecureHeaders::Configuration.default do |config|
   config.cookies = {
     secure: true, # mark all cookies as "Secure"
@@ -33,6 +40,6 @@ SecureHeaders::Configuration.default do |config|
     frame_ancestors: %w('none'),
     block_all_mixed_content: true, # see http://www.w3.org/TR/mixed-content/
     upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
-    report_uri: %w('')
+    report_uri: %W(#{CSP_REPORT_URI})
   }
 end
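Review bot: `URI.parse(current_application_settings.sentry_dsn)` in the first hunk runs unconditionally at boot, so an instance with no Sentry DSN configured either fails to start (a nil DSN is not parseable) or, with an empty string, builds `CSP_REPORT_URI` as `://.../api/csp-report/?sentry_key=` and ships that as the `report-uri` in the second hunk. Guard the parse on a present DSN and keep the previous `report_uri` value when there is none; reading application settings this early presumably also touches the database, which may not be reachable during setup tasks — worth confirming. `include Gitlab::CurrentSettings` at file top level mixes `current_application_settings` into `Object`; calling it through the module instead would avoid that if the module allows it (not visible here). The constant correctly interpolates only `uri.user` (the public key), so any secret component of the DSN never reaches the browser-visible header; a comment such as `# only the public key (DSN user part) may appear in the public CSP header` would keep a later edit from adding `uri.password`.
```ruby
require 'gitlab/current_settings'
include Gitlab::CurrentSettings

# Only the public key (the DSN's user part) may be interpolated here: this
# value is emitted verbatim in the CSP header of every response.
sentry_dsn = current_application_settings.sentry_dsn
CSP_REPORT_URI = if sentry_dsn.present?
                   uri = URI.parse(sentry_dsn)
                   "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
                 end

# … unchanged: SecureHeaders::Configuration.default block up to report_uri …
    report_uri: CSP_REPORT_URI ? %W(#{CSP_REPORT_URI}) : %w('')
```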