debian-mirror-gitlab/lib/gitlab/content_security_policy/directives.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

30 lines
940 B
Ruby
Raw Normal View History

2021-12-11 22:18:48 +05:30
# frozen_string_literal: true
# This module is used to return various SaaS related
# ContentSecurityPolicy Directives src which may be
# overridden in other variants of GitLab
module Gitlab
module ContentSecurityPolicy
module Directives
2022-05-07 20:08:51 +05:30
def self.connect_src
"'self'"
end
2021-12-11 22:18:48 +05:30
def self.frame_src
2022-01-26 12:08:38 +05:30
"https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://www.googletagmanager.com/ns.html"
2021-12-11 22:18:48 +05:30
end
def self.script_src
"'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com"
end
2023-04-23 21:23:45 +05:30
def self.style_src
"'self' 'unsafe-inline'"
end
2021-12-11 22:18:48 +05:30
end
end
end
Gitlab::ContentSecurityPolicy::Directives.prepend_mod