| -rw-r--r-- | config/initializers/secure_headers.rb | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 253e3cf7410..9fd24a667cc 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -4,7 +4,14 @@ require 'gitlab/current_settings'
 include Gitlab::CurrentSettings
-CSP_REPORT_URI = ''
+# If Sentry is enabled and the Rails app is running in production mode,
+# this will construct the Report URI for Sentry.
+if Rails.env.production? && current_application_settings.sentry_enabled
+ uri = URI.parse(current_application_settings.sentry_dsn)
+ CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
+else
+ CSP_REPORT_URI = ''
+end
 # Content Security Policy Headers
 # For more information on CSP see:
@@ -64,7 +71,10 @@ SecureHeaders::Configuration.default do |config|
 upgrade_insecure_requests: true
 }
- config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
+ # Reports are sent to Sentry if it's enabled.
+ if current_application_settings.sentry_enabled
+ config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
+ end
 # Allow Bootstrap Linter in development mode.
 if Rails.env.development? |
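Review bot: The line `uri = URI.parse(current_application_settings.sentry_dsn)` runs at initializer load and raises `URI::InvalidURIError` for a nil or malformed DSN, so one bad setting stops the whole application from booting instead of merely disabling CSP reporting (an empty DSN does not raise but yields a URI with nil scheme and host, i.e. an unusable `://` report URI). It also now calls `current_application_settings` at boot; if that helper reads from the database, this initializer becomes dependent on a reachable, migrated database — worth confirming against the helper. The header built here is sent to every browser, so interpolating only `uri.user` (the public key) and leaving `uri.password` out is the right choice, and any fallback or log line added for the error path should likewise avoid echoing the DSN, since the DSN string carries the secret key. The rewritten branch below degrades to an empty report URI with a warning that deliberately omits the exception message for that reason.
```ruby
if Rails.env.production? && current_application_settings.sentry_enabled
  begin
    uri = URI.parse(current_application_settings.sentry_dsn)
    CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
  rescue URI::InvalidURIError
    # Do not include the exception message: it would echo the DSN, and the DSN contains the secret key.
    Rails.logger.warn('CSP report URI disabled: the configured Sentry DSN is not a valid URI')
    CSP_REPORT_URI = ''
  end
else
  CSP_REPORT_URI = ''
end
```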
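Review bot: The new guard `if current_application_settings.sentry_enabled` does not match the condition under which `CSP_REPORT_URI` is built earlier in this file (Sentry enabled and `Rails.env.production?`), so in development or test with Sentry enabled `config.csp[:report_uri]` becomes `[""]`, an empty report-uri entry, which contradicts the new comment `# Reports are sent to Sentry if it's enabled.` Testing the value rather than re-deriving the condition keeps the two places in step and avoids a second settings lookup: `config.csp[:report_uri] = %W(#{CSP_REPORT_URI}) unless CSP_REPORT_URI.empty?`. The enclosing `SecureHeaders::Configuration.default do |config|` block starts and ends outside the hunk.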
