summaryrefslogtreecommitdiff
path: root/lib/gitlab/content_security_policy/config_loader.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/gitlab/content_security_policy/config_loader.rb')
-rw-r--r--lib/gitlab/content_security_policy/config_loader.rb43
1 files changed, 43 insertions, 0 deletions
diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb
new file mode 100644
index 00000000000..ff844645b11
--- /dev/null
+++ b/lib/gitlab/content_security_policy/config_loader.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module ContentSecurityPolicy
+ class ConfigLoader
+ DIRECTIVES = %w(base_uri child_src connect_src default_src font_src
+ form_action frame_ancestors frame_src img_src manifest_src
+ media_src object_src report_uri script_src style_src worker_src).freeze
+
+ def self.default_settings_hash
+ {
+ 'enabled' => false,
+ 'report_only' => false,
+ 'directives' => DIRECTIVES.each_with_object({}) { |directive, hash| hash[directive] = nil }
+ }
+ end
+
+ def initialize(csp_directives)
+ @csp_directives = HashWithIndifferentAccess.new(csp_directives)
+ end
+
+ def load(policy)
+ DIRECTIVES.each do |directive|
+ arguments = arguments_for(directive)
+
+ next unless arguments.present?
+
+ policy.public_send(directive, *arguments) # rubocop:disable GitlabSecurity/PublicSend
+ end
+ end
+
+ private
+
+ def arguments_for(directive)
+ arguments = @csp_directives[directive.to_s]
+
+ return unless arguments.present? && arguments.is_a?(String)
+
+ arguments.strip.split(' ').map(&:strip)
+ end
+ end
+ end
+end
View Lorry Controller Status