Commit
2075d6fe
authored
Oct 12, 2021
by
Axel García
Put OneTrust CSP config behind a concern
The concerns were previously set at controller level.
parent
5fb3adaf
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
23 additions
and
36 deletions
+23
-36
app/controllers/concerns/one_trust_csp.rb
app/controllers/concerns/one_trust_csp.rb
+19
-0
app/controllers/registrations_controller.rb
app/controllers/registrations_controller.rb
+1
-12
app/controllers/sessions_controller.rb
app/controllers/sessions_controller.rb
+1
-12
ee/app/controllers/trial_registrations_controller.rb
ee/app/controllers/trial_registrations_controller.rb
+2
-12
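--- /dev/null
+++ b/app/controllers/concerns/one_trust_csp.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module OneTrustCSP
+  extend ActiveSupport::Concern
+
+  included do
+    content_security_policy do |policy|
+      next if policy.directives.blank?
+
+      default_script_src = policy.directives['script-src'] || policy.directives['default-src']
+      script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']
+      policy.script_src(*script_src_values)
+
+      default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
+      connect_src_values = Array.wrap(default_connect_src) | ['https://cdn.cookielaw.org']
+      policy.connect_src(*connect_src_values)
+    end
+  end
+end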
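Review bot: The concern's source lists drop the `"'self'"` entry that the removed controller blocks carried in both `script_src_values` and `connect_src_values` (see the deletions in app/controllers/registrations_controller.rb, app/controllers/sessions_controller.rb and ee/app/controllers/trial_registrations_controller.rb), while the commit message describes the change as a pure move. When the base policy already defines `script-src` or `default-src` the union presumably keeps whatever `'self'` they carry, but if `default_script_src` is nil `Array.wrap` yields `[]` and the resulting directive is `'unsafe-eval'` plus the OneTrust hosts only, which would block first-party scripts. Either restore the entry, `script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']` and likewise `connect_src_values = Array.wrap(default_connect_src) | ["'self'", 'https://cdn.cookielaw.org']`, or state the intended difference in the commit. A short comment above the `included` block recording why `'unsafe-eval'` is required by the OneTrust script would also help, since the concern now widens script-src on every controller that includes it.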
app/controllers/registrations_controller.rb
...
...
@@ -5,6 +5,7 @@ class RegistrationsController < Devise::RegistrationsController
include
AcceptsPendingInvitations
include
RecaptchaHelper
include
InvisibleCaptchaOnSignup
include
OneTrustCSP
layout
'devise'
...
...
@@ -15,18 +16,6 @@ class RegistrationsController < Devise::RegistrationsController
feature_category
:authentication_and_authorization
content_security_policy
do
|
policy
|
next
if
policy
.
directives
.
blank?
default_script_src
=
policy
.
directives
[
'script-src'
]
||
policy
.
directives
[
'default-src'
]
script_src_values
=
Array
.
wrap
(
default_script_src
)
|
[
"'self'"
,
"'unsafe-eval'"
,
'https://cdn.cookielaw.org https://*.onetrust.com'
]
policy
.
script_src
(
*
script_src_values
)
default_connect_src
=
policy
.
directives
[
'connect-src'
]
||
policy
.
directives
[
'default-src'
]
connect_src_values
=
Array
.
wrap
(
default_connect_src
)
|
[
"'self'"
,
'https://cdn.cookielaw.org'
]
policy
.
connect_src
(
*
connect_src_values
)
end
def
new
@resource
=
build_resource
end
...
...
app/controllers/sessions_controller.rb
...
...
@@ -9,6 +9,7 @@ class SessionsController < Devise::SessionsController
include
RendersLdapServers
include
KnownSignIn
include
Gitlab
::
Utils
::
StrongMemoize
include
OneTrustCSP
skip_before_action
:check_two_factor_requirement
,
only:
[
:destroy
]
skip_before_action
:check_password_expiration
,
only:
[
:destroy
]
...
...
@@ -55,18 +56,6 @@ class SessionsController < Devise::SessionsController
CAPTCHA_HEADER
=
'X-GitLab-Show-Login-Captcha'
MAX_FAILED_LOGIN_ATTEMPTS
=
5
content_security_policy
do
|
policy
|
next
if
policy
.
directives
.
blank?
default_script_src
=
policy
.
directives
[
'script-src'
]
||
policy
.
directives
[
'default-src'
]
script_src_values
=
Array
.
wrap
(
default_script_src
)
|
[
"'self'"
,
"'unsafe-eval'"
,
'https://cdn.cookielaw.org https://*.onetrust.com'
]
policy
.
script_src
(
*
script_src_values
)
default_connect_src
=
policy
.
directives
[
'connect-src'
]
||
policy
.
directives
[
'default-src'
]
connect_src_values
=
Array
.
wrap
(
default_connect_src
)
|
[
"'self'"
,
'https://cdn.cookielaw.org'
]
policy
.
connect_src
(
*
connect_src_values
)
end
def
new
set_minimum_password_length
...
...
ee/app/controllers/trial_registrations_controller.rb
...
...
@@ -5,6 +5,8 @@
class
TrialRegistrationsController
<
RegistrationsController
extend
::
Gitlab
::
Utils
::
Override
include
OneTrustCSP
layout
'minimal'
skip_before_action
:require_no_authentication
...
...
@@ -12,18 +14,6 @@ class TrialRegistrationsController < RegistrationsController
before_action
:check_if_gl_com_or_dev
before_action
:set_redirect_url
,
only:
[
:new
]
content_security_policy
do
|
policy
|
next
if
policy
.
directives
.
blank?
default_script_src
=
policy
.
directives
[
'script-src'
]
||
policy
.
directives
[
'default-src'
]
script_src_values
=
Array
.
wrap
(
default_script_src
)
|
[
"'self'"
,
"'unsafe-eval'"
,
'https://cdn.cookielaw.org https://*.onetrust.com'
]
policy
.
script_src
(
*
script_src_values
)
default_connect_src
=
policy
.
directives
[
'connect-src'
]
||
policy
.
directives
[
'default-src'
]
connect_src_values
=
Array
.
wrap
(
default_connect_src
)
|
[
"'self'"
,
'https://cdn.cookielaw.org'
]
policy
.
connect_src
(
*
connect_src_values
)
end
def
new
end
...
...
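Review bot: The added `include OneTrustCSP` in TrialRegistrationsController duplicates the include this same commit adds to its superclass RegistrationsController (the hunk header shows `TrialRegistrationsController < RegistrationsController`), so the line can be dropped. As far as I can tell, ActiveSupport::Concern's `append_features` returns early when the module is already in the ancestor chain, so the second include is a no-op and nothing breaks, but it suggests the trial controller sets its own policy when it does not. The class body continues outside the hunk.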