2023-03-04 22:38:38 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
module Observability
|
|
|
|
|
module ContentSecurityPolicy
|
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
|
|
included do
|
2023-03-17 16:20:25 +05:30
|
|
|
content_security_policy_with_context do |p|
|
|
|
|
|
current_group = if defined?(group)
|
|
|
|
|
group
|
|
|
|
|
else
|
|
|
|
|
defined?(project) ? project&.group : nil
|
|
|
|
|
end
|
|
|
|
|
|
2023-05-27 22:25:52 +05:30
|
|
|
next if p.directives.blank? || !Feature.enabled?(:observability_group_tab, current_group)
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
|
default_frame_src = p.directives['frame-src'] || p.directives['default-src']
|
|
|
|
|
|
|
|
|
|
# When ObservabilityUI is not authenticated, it needs to be able
|
|
|
|
|
# to redirect to the GL sign-in page, hence '/users/sign_in' and '/oauth/authorize'
|
2023-05-27 22:25:52 +05:30
|
|
|
frame_src_values = Array.wrap(default_frame_src) | [
|
|
|
|
|
Gitlab::Observability.observability_url,
|
|
|
|
|
Gitlab::Utils.append_path(Gitlab.config.gitlab.url, '/users/sign_in'),
|
|
|
|
|
Gitlab::Utils.append_path(Gitlab.config.gitlab.url, '/oauth/authorize')
|
|
|
|
|
]
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
|
p.frame_src(*frame_src_values)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
