Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
2e9bf6a7
Commit
2e9bf6a7
authored
Jul 05, 2016
by
Connor Shea
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add Sidekiq-specific headers.
parent
e0ffbf0e
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
12 additions
and
6 deletions
+12
-6
app/controllers/admin/background_jobs_controller.rb
app/controllers/admin/background_jobs_controller.rb
+2
-4
config/initializers/secure_headers.rb
config/initializers/secure_headers.rb
+10
-2
No files found.
app/controllers/admin/background_jobs_controller.rb
View file @
2e9bf6a7
class
Admin::BackgroundJobsController
<
Admin
::
ApplicationController
class
Admin::BackgroundJobsController
<
Admin
::
ApplicationController
def
show
def
show
use_secure_headers_override
(
:background_jobs
)
ps_output
,
_
=
Gitlab
::
Popen
.
popen
(
%W(ps -U
#{
Gitlab
.
config
.
gitlab
.
user
}
-o pid,pcpu,pmem,stat,start,command)
)
ps_output
,
_
=
Gitlab
::
Popen
.
popen
(
%W(ps -U
#{
Gitlab
.
config
.
gitlab
.
user
}
-o pid,pcpu,pmem,stat,start,command)
)
@sidekiq_processes
=
ps_output
.
split
(
"
\n
"
).
grep
(
/sidekiq/
)
@sidekiq_processes
=
ps_output
.
split
(
"
\n
"
).
grep
(
/sidekiq/
)
override_x_frame_options
(
"SAMEORIGIN"
)
override_content_security_policy_directives
(
frame_ancestors:
%w('self')
)
end
end
end
end
config/initializers/secure_headers.rb
View file @
2e9bf6a7
...
@@ -2,7 +2,6 @@ require 'gitlab/current_settings'
...
@@ -2,7 +2,6 @@ require 'gitlab/current_settings'
include
Gitlab
::
CurrentSettings
include
Gitlab
::
CurrentSettings
uri
=
URI
.
parse
(
current_application_settings
.
sentry_dsn
)
uri
=
URI
.
parse
(
current_application_settings
.
sentry_dsn
)
CSP_REPORT_URI
=
"
#{
uri
.
scheme
}
://
#{
uri
.
host
}
/api
#{
uri
.
path
}
/csp-report/?sentry_key=
#{
uri
.
user
}
"
CSP_REPORT_URI
=
"
#{
uri
.
scheme
}
://
#{
uri
.
host
}
/api
#{
uri
.
path
}
/csp-report/?sentry_key=
#{
uri
.
user
}
"
SecureHeaders
::
Configuration
.
default
do
|
config
|
SecureHeaders
::
Configuration
.
default
do
|
config
|
...
@@ -32,7 +31,7 @@ SecureHeaders::Configuration.default do |config|
...
@@ -32,7 +31,7 @@ SecureHeaders::Configuration.default do |config|
img_src:
%w('self' www.gravatar.com secure.gravatar.com https:)
,
img_src:
%w('self' www.gravatar.com secure.gravatar.com https:)
,
media_src:
%w('none')
,
media_src:
%w('none')
,
object_src:
%w('none')
,
object_src:
%w('none')
,
script_src:
%w('unsafe-inline' 'self'
maxcdn.bootstrapcdn.com
)
,
script_src:
%w('unsafe-inline' 'self')
,
style_src:
%w('unsafe-inline' 'self')
,
style_src:
%w('unsafe-inline' 'self')
,
base_uri:
%w('self')
,
base_uri:
%w('self')
,
child_src:
%w('self')
,
child_src:
%w('self')
,
...
@@ -42,4 +41,13 @@ SecureHeaders::Configuration.default do |config|
...
@@ -42,4 +41,13 @@ SecureHeaders::Configuration.default do |config|
upgrade_insecure_requests:
true
,
# see https://www.w3.org/TR/upgrade-insecure-requests/
upgrade_insecure_requests:
true
,
# see https://www.w3.org/TR/upgrade-insecure-requests/
report_uri:
%W(
#{
CSP_REPORT_URI
}
)
report_uri:
%W(
#{
CSP_REPORT_URI
}
)
}
}
if
Rails
.
env
.
development?
config
.
csp
[
:script_src
]
<<
"maxcdn.bootstrapcdn.com"
end
end
SecureHeaders
::
Configuration
.
override
(
:background_jobs
)
do
|
config
|
config
.
csp
[
:frame_ancestors
]
=
%w('self')
config
.
x_frame_options
=
'SAMEORIGIN'
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment