Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8e758c669db..1d17e8aa085 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -111,6 +111,15 @@ class ApplicationController < ActionController::Base
 render plain: e.message, status: :too_many_requests
 end

+ content_security_policy do |p|
+ next if p.directives.blank?
+ next unless Gitlab::CurrentSettings.snowplow_enabled? && !Gitlab::CurrentSettings.snowplow_collector_hostname.blank?
+
+ default_connect_src = p.directives['connect-src'] || p.directives['default-src']
+ connect_src_values = Array.wrap(default_connect_src) | [Gitlab::CurrentSettings.snowplow_collector_hostname]
+ p.connect_src(*connect_src_values)
+ end
+
 def redirect_back_or_default(default: root_path, options: {})
 redirect_back(fallback_location: default, **options)
 end
@@ -237,19 +246,19 @@ class ApplicationController < ActionController::Base
 end

 def git_not_found!
- render "errors/git_not_found.html", layout: "errors", status: :not_found
+ render template: "errors/git_not_found", formats: :html, layout: "errors", status: :not_found
 end

 def render_403
 respond_to do |format|
- format.html { render "errors/access_denied", layout: "errors", status: :forbidden }
+ format.html { render template: "errors/access_denied", formats: :html, layout: "errors", status: :forbidden }
 format.any { head :forbidden }
 end
 end

 def render_404
 respond_to do |format|
- format.html { render "errors/not_found", layout: "errors", status: :not_found }
+ format.html { render template: "errors/not_found", formats: :html, layout: "errors", status: :not_found }
 # Prevent the Rails CSRF protector from thinking a missing .js file is a JavaScript file
 format.js { render json: '', status: :not_found, content_type: 'application/json' }
 format.any { head :not_found } |
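Review bot: In the new `content_security_policy` block, a policy that has directives but neither `connect-src` nor `default-src` leaves `default_connect_src` nil, so the block emits a `connect-src` holding only the Snowplow collector hostname. That turns a previously unrestricted connect policy into one that blocks same-origin XHR, fetch and WebSocket requests. A guard right after the lookup, `next if default_connect_src.blank?`, avoids this, since nothing needs to be allowed when connections are not restricted in the first place. Separately, `Gitlab::CurrentSettings.snowplow_collector_hostname` goes into the header as stored; if the setting's validation (not visible in this hunk) does not already reject whitespace and `;`, it should, so the value cannot introduce extra sources or directives.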