summaryrefslogtreecommitdiff
path: root/config/initializers/content_security_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'config/initializers/content_security_policy.rb')
-rw-r--r--config/initializers/content_security_policy.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
new file mode 100644
index 00000000000..608d0401a96
--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+csp_settings = Settings.gitlab.content_security_policy
+
+if csp_settings['enabled']
+ # See https://guides.rubyonrails.org/security.html#content-security-policy
+ Rails.application.config.content_security_policy do |policy|
+ directives = csp_settings.fetch('directives', {})
+ loader = ::Gitlab::ContentSecurityPolicy::ConfigLoader.new(directives)
+ loader.load(policy)
+ end
+
+ Rails.application.config.content_security_policy_report_only = csp_settings['report_only']
+ Rails.application.config.content_security_policy_nonce_generator = ->(request) { SecureRandom.base64(16) }
+end
View Lorry Controller Status