Diffstat (limited to 'app/controllers/concerns/observability/content_security_policy.rb')
-rw-r--r-- | app/controllers/concerns/observability/content_security_policy.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/concerns/observability/content_security_policy.rb b/app/controllers/concerns/observability/content_security_policy.rb
index eccd1e1e3ef..3865e3b606d 100644
--- a/app/controllers/concerns/observability/content_security_policy.rb
+++ b/app/controllers/concerns/observability/content_security_policy.rb
@@ -5,8 +5,14 @@ module Observability
 extend ActiveSupport::Concern
 included do
- content_security_policy do |p|
- next if p.directives.blank? || Gitlab::Observability.observability_url.blank?
+ content_security_policy_with_context do |p|
+ current_group = if defined?(group)
+ group
+ else
+ defined?(project) ? project&.group : nil
+ end
+
+ next if p.directives.blank? || !Gitlab::Observability.observability_enabled?(current_user, current_group)
 default_frame_src = p.directives['frame-src'] || p.directives['default-src']
|
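Review bot: In the added `current_group` assignment, `defined?(group)` only tests that a `group` method exists on the including controller, so a controller whose `group` returns nil never reaches the `project&.group` fallback, and `project&.group` can itself be nil when the project has no group. The frame-src widening further down now hinges on `Gitlab::Observability.observability_enabled?(current_user, current_group)`, whose body is not visible here; it should return false for a nil user or a nil group so the policy fails closed and stays at its default, and a spec for the anonymous and group-less cases would pin that. A shorter form that also covers a nil `group` is `current_group = (group if defined?(group)) || (project&.group if defined?(project))`. The `included do` block continues past the end of the hunk.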