Diffstat (limited to 'lib/gitlab/content_security_policy/directives.rb')
-rw-r--r-- | lib/gitlab/content_security_policy/directives.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/gitlab/content_security_policy/directives.rb b/lib/gitlab/content_security_policy/directives.rb
new file mode 100644
index 00000000000..30f3c16247d
--- /dev/null
+++ b/lib/gitlab/content_security_policy/directives.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# This module is used to return various SaaS related
+# ContentSecurityPolicy Directives src which may be
+# overridden in other variants of GitLab
+
+module Gitlab
+ module ContentSecurityPolicy
+ module Directives
+ def self.frame_src
+ "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
+ end
+
+ def self.script_src
+ "'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com"
+ end
+ end
+ end
+end
+
+Gitlab::ContentSecurityPolicy::Directives.prepend_mod |
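Review bot: `script_src` ships `'unsafe-eval'` and `'unsafe-inline'` next to `'strict-dynamic'`, and nothing in the file says which of these sources is still effective. In browsers that honour `'strict-dynamic'`, `'self'`, `'unsafe-inline'` and the host entries are ignored for scripts while `'unsafe-eval'` keeps applying, and `'strict-dynamic'` only permits anything once a nonce or hash is part of the directive, which presumably is appended by the caller outside this file. Once that is confirmed, I would add a comment above the string such as `# 'self', 'unsafe-inline' and hosts are fallbacks for browsers without 'strict-dynamic'; 'unsafe-eval' applies everywhere; nonce is appended by the caller`. Since the header comment says other variants may override these methods, each one would also benefit from a one-line comment stating that it returns a space-separated CSP source list, so an override keeps the same format.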