Diffstat (limited to 'config/initializers/content_security_policy.rb')
-rw-r--r--config/initializers/content_security_policy.rb9
1 files changed, 7 insertions, 2 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index c19fb65017f..3c6606066cd 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -2,11 +2,16 @@
csp_settings = Settings.gitlab.content_security_policy
+csp_settings['enabled'] = Gitlab::ContentSecurityPolicy::ConfigLoader.default_enabled if csp_settings['enabled'].nil?
+csp_settings['report_only'] = false if csp_settings['report_only'].nil?
+csp_settings['directives'] ||= {}
+
if csp_settings['enabled']
+ csp_settings['directives'] = ::Gitlab::ContentSecurityPolicy::ConfigLoader.default_directives if csp_settings['directives'].empty?
+
# See https://guides.rubyonrails.org/security.html#content-security-policy
Rails.application.config.content_security_policy do |policy|
- directives = csp_settings.fetch('directives', {})
- loader = ::Gitlab::ContentSecurityPolicy::ConfigLoader.new(directives)
+ loader = ::Gitlab::ContentSecurityPolicy::ConfigLoader.new(csp_settings['directives'].to_h)
loader.load(policy)
end
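Review bot: The fallback to `ConfigLoader.default_directives` on the new line `csp_settings['directives'] = ... if csp_settings['directives'].empty?` fires only when no directive is configured at all, so an operator who sets a single directive (say just `script_src`) silently replaces the whole default policy rather than overriding one entry of it — unless `ConfigLoader` merges defaults internally, which is not visible here. That is easy to misread as a partial override and weakens the policy, so the intent deserves a comment on that line: `# Defaults apply only when no directives are configured; a partial hash replaces them wholesale, it is not merged.` The `report_only` default a few lines earlier also merits a why-comment, since together with `default_enabled` it means a freshly defaulted CSP is enforcing rather than report-only: `# nil means unset; an explicit false is honoured, and the default is to enforce, not report`. The `if csp_settings['enabled']` block opened at the top of the hunk continues past the visible `end`, which closes only the `content_security_policy do |policy|` block.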