diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-05 18:08:43 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-05 18:08:43 +0000 |
| commit | e129eff88309eca18f3902afd710e2e07393fe45 (patch) | |
| tree | 2dd9399fdcfdee719d51e63cd821adc58165ccb3 /app/controllers/jira_connect | |
| parent | 205b6baf2677879c35968d2b659225b58e8a1227 (diff) | |
| download | gitlab-ce-e129eff88309eca18f3902afd710e2e07393fe45.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/jira_connect')
| -rw-r--r-- | app/controllers/jira_connect/oauth_application_ids_controller.rb | 9 | ||||
| -rw-r--r-- | app/controllers/jira_connect/subscriptions_controller.rb | 8 |
2 files changed, 16 insertions, 1 deletions
diff --git a/app/controllers/jira_connect/oauth_application_ids_controller.rb b/app/controllers/jira_connect/oauth_application_ids_controller.rb index 05c23210da2..a84b47f4c8b 100644 --- a/app/controllers/jira_connect/oauth_application_ids_controller.rb +++ b/app/controllers/jira_connect/oauth_application_ids_controller.rb @@ -5,9 +5,10 @@ module JiraConnect feature_category :integrations skip_before_action :authenticate_user! + skip_before_action :verify_authenticity_token def show - if Feature.enabled?(:jira_connect_oauth_self_managed) && jira_connect_application_key.present? + if show_application_id? render json: { application_id: jira_connect_application_key } else head :not_found @@ -16,6 +17,12 @@ module JiraConnect private + def show_application_id? + return if Gitlab.com? + + Feature.enabled?(:jira_connect_oauth_self_managed) && jira_connect_application_key.present? + end + def jira_connect_application_key Gitlab::CurrentSettings.jira_connect_application_key.presence end diff --git a/app/controllers/jira_connect/subscriptions_controller.rb b/app/controllers/jira_connect/subscriptions_controller.rb index 2ba9f8264e1..623113f8413 100644 --- a/app/controllers/jira_connect/subscriptions_controller.rb +++ b/app/controllers/jira_connect/subscriptions_controller.rb @@ -25,6 +25,7 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController before_action :allow_rendering_in_iframe, only: :index before_action :verify_qsh_claim!, only: :index + before_action :allow_self_managed_content_security_policy, only: :index before_action :authenticate_user!, only: :create def index @@ -62,6 +63,13 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController private + def allow_self_managed_content_security_policy + return unless current_jira_installation.instance_url? + + request.content_security_policy.directives['connect-src'] ||= [] + request.content_security_policy.directives['connect-src'] << Gitlab::Utils.append_path(current_jira_installation.instance_url, '/-/jira_connect/oauth_application_ids') + end + def create_service JiraConnectSubscriptions::CreateService.new(current_jira_installation, current_user, namespace_path: params['namespace_path'], jira_user: jira_user) end |