Commit 79ff98fb authored by Vitaly Slobodin's avatar Vitaly Slobodin

Merge branch 'nicolasdular/change-gtm-to-nonce-compatible-script' into 'master'

Replace gtm script with nonce compatible version

See merge request gitlab-org/gitlab!58494
parents 281b395f 6bb09903
...@@ -164,10 +164,25 @@ module AuthHelper ...@@ -164,10 +164,25 @@ module AuthHelper
end end
def google_tag_manager_enabled? def google_tag_manager_enabled?
Gitlab.com? && return false unless Gitlab.dev_env_or_com?
extra_config.has_key?('google_tag_manager_id') &&
extra_config.google_tag_manager_id.present? && has_config_key = if Feature.enabled?(:gtm_nonce, type: :ops)
!current_user extra_config.has_key?('google_tag_manager_nonce_id') &&
extra_config.google_tag_manager_nonce_id.present?
else
extra_config.has_key?('google_tag_manager_id') &&
extra_config.google_tag_manager_id.present?
end
has_config_key && !current_user
end
def google_tag_manager_id
return unless google_tag_manager_enabled?
return extra_config.google_tag_manager_nonce_id if Feature.enabled?(:gtm_nonce, type: :ops)
extra_config.google_tag_manager_id
end end
def auth_app_owner_text(owner) def auth_app_owner_text(owner)
......
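Review bot: `Feature.enabled?(:gtm_nonce, type: :ops)` is now evaluated separately in `google_tag_manager_enabled?`, in `google_tag_manager_id` and again in the head partial, so the container id and the loader variant stay paired only as long as three copies of the same check agree. A single helper predicate such as `def google_tag_manager_nonce_enabled?; Feature.enabled?(:gtm_nonce, type: :ops); end`, used in all three places, would make that pairing explicit. The guard also widens from `Gitlab.com?` to `Gitlab.dev_env_or_com?` without explanation; a comment such as `# GTM loads third-party script: .com (plus dev for testing) and signed-out visitors only` would record the intent. `AuthHelper` starts and ends outside this hunk.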
- return unless google_tag_manager_enabled? - return unless google_tag_manager_enabled?
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=#{extra_config.google_tag_manager_id}" <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=#{google_tag_manager_id}"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
- if google_tag_manager_enabled? - return unless google_tag_manager_enabled?
- if Feature.enabled?(:gtm_nonce, type: :ops)
= javascript_tag do
:plain
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;var n=d.querySelector('[nonce]');
n&&j.setAttribute('nonce',n.nonce||n.getAttribute('nonce'));f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','#{google_tag_manager_id}');
- else
= javascript_tag do = javascript_tag do
:plain :plain
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','#{extra_config.google_tag_manager_id}'); })(window,document,'script','dataLayer','#{google_tag_manager_id}');
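Review bot: `'#{google_tag_manager_id}'` is interpolated straight into the inline script in both branches of this partial, and the same value goes into the `ns.html?id=` iframe URL in the noscript partial, with no escaping or format check visible here. The value comes from instance configuration rather than from a request, so this is hardening rather than a live bug, but a stray quote in the setting would end the string literal early inside an inline script. Escaping at the point of use, `'#{j(google_tag_manager_id)}'`, or having the helper return the id only when it matches the expected container-id shape, would close that off. The two loader bodies also differ only in the nonce lookup, so a short HAML comment marking the nonce addition would help the next reader compare them against the vendor snippet.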
---
name: gtm_nonce
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/58494
rollout_issue_url:
milestone: '14.6'
type: ops
group: group::product intelligence
default_enabled: false
...@@ -8,7 +8,7 @@ module Gitlab ...@@ -8,7 +8,7 @@ module Gitlab
module ContentSecurityPolicy module ContentSecurityPolicy
module Directives module Directives
def self.frame_src def self.frame_src
"https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com" "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://www.googletagmanager.com/ns.html"
end end
def self.script_src def self.script_src
......
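Review bot: `frame_src` now allows `https://www.googletagmanager.com/ns.html` in the default directive unconditionally, while the helper in this commit only renders that iframe on .com or a dev environment, for signed-out visitors, when an id is configured. Whether these defaults reach self-managed instances is not visible in this hunk, but if they do, the entry could be appended only when GTM is configured, or at least explained with a comment such as `# ns.html: noscript fallback frame emitted by the GTM body partial`. The single long string literal also makes additions like this easy to miss in review; a frozen list joined with spaces would put one origin per line. `script_src` begins at the end of the hunk and its body is not shown.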
...@@ -283,35 +283,84 @@ RSpec.describe AuthHelper do ...@@ -283,35 +283,84 @@ RSpec.describe AuthHelper do
before do before do
allow(Gitlab).to receive(:com?).and_return(is_gitlab_com) allow(Gitlab).to receive(:com?).and_return(is_gitlab_com)
stub_config(extra: { google_tag_manager_id: 'key' })
allow(helper).to receive(:current_user).and_return(user) allow(helper).to receive(:current_user).and_return(user)
end end
subject(:google_tag_manager_enabled?) { helper.google_tag_manager_enabled? } subject(:google_tag_manager_enabled) { helper.google_tag_manager_enabled? }
context 'on gitlab.com and a key set without a current user' do
it { is_expected.to be_truthy }
end
context 'when not on gitlab.com' do context 'when not on gitlab.com' do
let(:is_gitlab_com) { false } let(:is_gitlab_com) { false }
it { is_expected.to be_falsey } it { is_expected.to eq(false) }
end end
context 'when current user is set' do context 'regular and nonce versions' do
let(:user) { instance_double('User') } using RSpec::Parameterized::TableSyntax
it { is_expected.to be_falsey } where(:gtm_nonce_enabled, :gtm_key) do
false | 'google_tag_manager_id'
true | 'google_tag_manager_nonce_id'
end
with_them do
before do
stub_feature_flags(gtm_nonce: gtm_nonce_enabled)
stub_config(extra: { gtm_key => 'key' })
end
context 'on gitlab.com and a key set without a current user' do
it { is_expected.to be_truthy }
end
context 'when current user is set' do
let(:user) { instance_double('User') }
it { is_expected.to eq(false) }
end
context 'when no key is set' do
before do
stub_config(extra: {})
end
it { is_expected.to eq(false) }
end
end
end
end
describe '#google_tag_manager_id' do
subject(:google_tag_manager_id) { helper.google_tag_manager_id }
before do
stub_config(extra: { 'google_tag_manager_nonce_id': 'nonce', 'google_tag_manager_id': 'gtm' })
end end
context 'when no key is set' do context 'when google tag manager is disabled' do
before do before do
stub_config(extra: {}) allow(helper).to receive(:google_tag_manager_enabled?).and_return(false)
end end
it { is_expected.to be_falsey } it { is_expected.to be_falsey }
end end
context 'when google tag manager is enabled' do
before do
allow(helper).to receive(:google_tag_manager_enabled?).and_return(true)
end
context 'when nonce feature flag is enabled' do
it { is_expected.to eq('nonce') }
end
context 'when nonce feature flag is disabled' do
before do
stub_feature_flags(gtm_nonce: false)
end
it { is_expected.to eq('gtm') }
end
end
end end
describe '#auth_app_owner_text' do describe '#auth_app_owner_text' do
......
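Review bot: The shared `before` still stubs `Gitlab.com?` (`allow(Gitlab).to receive(:com?).and_return(is_gitlab_com)`), but the helper now calls `Gitlab.dev_env_or_com?`, so the 'when not on gitlab.com' example only holds if that method falls through to `com?` in the test environment. Stubbing what the helper actually calls, `allow(Gitlab).to receive(:dev_env_or_com?).and_return(is_gitlab_com)`, would remove that dependency. In `#google_tag_manager_id`, the 'when nonce feature flag is enabled' context sets no flag and appears to rely on the suite's default flag state; an explicit `stub_feature_flags(gtm_nonce: true)` there would state the precondition. The `describe` blocks around these examples continue outside the hunk.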