Merge branch 'remove-csp-sentry-reporting' into 'master'

Fix the Sentry spam from CSP violations by disabling it. ## What does this MR do? Leaves CSP enabled, but without a reporting endpoint for now. This was causing a huge amount of useless errors in our Sentry instance. cc: @stanhu See merge request !5354

Merge branch 'remove-csp-sentry-reporting' into 'master'
Fix the Sentry spam from CSP violations by disabling it. ## What does this MR do? Leaves CSP enabled, but without a reporting endpoint for now. This was causing a huge amount of useless errors in our Sentry instance. cc: @stanhu See merge request !5354
c07dd188 · Stan Hu · Rémy Coutable · 693081cc · c07dd188
Commit c07dd188 authored Jul 20, 2016 by Stan Hu Committed by Rémy Coutable Jul 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 12 deletions

config/initializers/secure_headers.rb config/initializers/secure_headers.rb +2 -12

No files found.
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -4,14 +4,7 @@
 require 'gitlab/current_settings'
 include Gitlab::CurrentSettings

-# If Sentry is enabled and the Rails app is running in production mode,
-# this will construct the Report URI for Sentry.
-if Rails.env.production? && current_application_settings.sentry_enabled
-  uri = URI.parse(current_application_settings.sentry_dsn)
-  CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
-else
-  CSP_REPORT_URI = ''
-end
+CSP_REPORT_URI = ''

 # Content Security Policy Headers
 # For more information on CSP see:
@@ -71,10 +64,7 @@ SecureHeaders::Configuration.default do |config|
    upgrade_insecure_requests: true
  }

-  # Reports are sent to Sentry if it's enabled.
-  if current_application_settings.sentry_enabled
-    config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
-  end
+  config.csp[:report_uri] = %W(#{CSP_REPORT_URI})

  # Allow Bootstrap Linter in development mode.
  if Rails.env.development?