Put OneTrust CSP config behind a concern

The concerns were previously set at controller
level.

app/controllers/concerns/one_trust_csp.rb

+# frozen_string_literal: true
+
+module OneTrustCSP
+  extend ActiveSupport::Concern
+
+  included do
+    content_security_policy do |policy|
+      next if policy.directives.blank?
+
+      default_script_src = policy.directives['script-src'] || policy.directives['default-src']
+      script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']
+      policy.script_src(*script_src_values)
+
+      default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
+      connect_src_values = Array.wrap(default_connect_src) | ['https://cdn.cookielaw.org']
+      policy.connect_src(*connect_src_values)
+    end
+  end
+end

app/controllers/registrations_controller.rb

@@ -5,6 +5,7 @@ class RegistrationsController < Devise::RegistrationsController
   include AcceptsPendingInvitations
   include RecaptchaHelper
   include InvisibleCaptchaOnSignup
+  include OneTrustCSP
 
   layout 'devise'
 
@@ -15,18 +16,6 @@ class RegistrationsController < Devise::RegistrationsController
 
   feature_category :authentication_and_authorization
 
-  content_security_policy do |policy|
-    next if policy.directives.blank?
-
-    default_script_src = policy.directives['script-src'] || policy.directives['default-src']
-    script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']
-    policy.script_src(*script_src_values)
-
-    default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
-    connect_src_values = Array.wrap(default_connect_src) | ["'self'", 'https://cdn.cookielaw.org']
-    policy.connect_src(*connect_src_values)
-  end
-
   def new
     @resource = build_resource
   end

app/controllers/sessions_controller.rb

@@ -9,6 +9,7 @@ class SessionsController < Devise::SessionsController
   include RendersLdapServers
   include KnownSignIn
   include Gitlab::Utils::StrongMemoize
+  include OneTrustCSP
 
   skip_before_action :check_two_factor_requirement, only: [:destroy]
   skip_before_action :check_password_expiration, only: [:destroy]
@@ -55,18 +56,6 @@ class SessionsController < Devise::SessionsController
   CAPTCHA_HEADER = 'X-GitLab-Show-Login-Captcha'
   MAX_FAILED_LOGIN_ATTEMPTS = 5
 
-  content_security_policy do |policy|
-    next if policy.directives.blank?
-
-    default_script_src = policy.directives['script-src'] || policy.directives['default-src']
-    script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']
-    policy.script_src(*script_src_values)
-
-    default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
-    connect_src_values = Array.wrap(default_connect_src) | ["'self'", 'https://cdn.cookielaw.org']
-    policy.connect_src(*connect_src_values)
-  end
-
   def new
     set_minimum_password_length
 

ee/app/controllers/trial_registrations_controller.rb

@@ -5,6 +5,8 @@
 class TrialRegistrationsController < RegistrationsController
   extend ::Gitlab::Utils::Override
 
+  include OneTrustCSP
+
   layout 'minimal'
 
   skip_before_action :require_no_authentication
@@ -12,18 +14,6 @@ class TrialRegistrationsController < RegistrationsController
   before_action :check_if_gl_com_or_dev
   before_action :set_redirect_url, only: [:new]
 
-  content_security_policy do |policy|
-    next if policy.directives.blank?
-
-    default_script_src = policy.directives['script-src'] || policy.directives['default-src']
-    script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']
-    policy.script_src(*script_src_values)
-
-    default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
-    connect_src_values = Array.wrap(default_connect_src) | ["'self'", 'https://cdn.cookielaw.org']
-    policy.connect_src(*connect_src_values)
-  end
-
   def new
   end