debian-mirror-gitlab/app/controllers/concerns/observability/content_security_policy.rb

# frozen_string_literal: true

module Observability
  module ContentSecurityPolicy
    extend ActiveSupport::Concern

    included do
      content_security_policy do |p|
        next if p.directives.blank? || Gitlab::Observability.observability_url.blank?

        default_frame_src = p.directives['frame-src'] || p.directives['default-src']

        # When ObservabilityUI is not authenticated, it needs to be able
        # to redirect to the GL sign-in page, hence '/users/sign_in' and '/oauth/authorize'
        frame_src_values = Array.wrap(default_frame_src) | [Gitlab::Observability.observability_url,
                                                            Gitlab::Utils.append_path(Gitlab.config.gitlab.url,
'/users/sign_in'),
                                                            Gitlab::Utils.append_path(Gitlab.config.gitlab.url,
'/oauth/authorize')]

        p.frame_src(*frame_src_values)
      end
    end
  end
end
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30			`# frozen_string_literal: true`

			`module Observability`
			`module ContentSecurityPolicy`
			`extend ActiveSupport::Concern`

			`included do`
			`content_security_policy do \|p\|`
			`next if p.directives.blank? \|\| Gitlab::Observability.observability_url.blank?`

			`default_frame_src = p.directives['frame-src'] \|\| p.directives['default-src']`

			`# When ObservabilityUI is not authenticated, it needs to be able`
			`# to redirect to the GL sign-in page, hence '/users/sign_in' and '/oauth/authorize'`
			`frame_src_values = Array.wrap(default_frame_src) \| [Gitlab::Observability.observability_url,`
			`Gitlab::Utils.append_path(Gitlab.config.gitlab.url,`
			`'/users/sign_in'),`
			`Gitlab::Utils.append_path(Gitlab.config.gitlab.url,`
			`'/oauth/authorize')]`

			`p.frame_src(*frame_src_values)`
			`end`
			`end`
			`end`
			`end`