Diffstat (limited to 'app/controllers/groups')
-rw-r--r-- | app/controllers/groups/observability_controller.rb | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/app/controllers/groups/observability_controller.rb b/app/controllers/groups/observability_controller.rb
index 4b1f2b582ce..3baa5e830ff 100644
--- a/app/controllers/groups/observability_controller.rb
+++ b/app/controllers/groups/observability_controller.rb
@@ -1,18 +1,9 @@
 # frozen_string_literal: true
 module Groups
 class ObservabilityController < Groups::ApplicationController
- feature_category :tracing
-
- content_security_policy do |p|
- next if p.directives.blank?
-
- default_frame_src = p.directives['frame-src'] || p.directives['default-src']
+ include ::Observability::ContentSecurityPolicy
- # When ObservabilityUI is not authenticated, it needs to be able to redirect to the GL sign-in page, hence 'self'
- frame_src_values = Array.wrap(default_frame_src) | [observability_url, "'self'"]
-
- p.frame_src(*frame_src_values)
- end
+ feature_category :tracing
 before_action :check_observability_allowed
@@ -34,16 +25,8 @@ module Groups
 render 'observability', layout: 'group', locals: { base_layout: 'layouts/fullscreen' }
 end
- def self.observability_url
- Gitlab::Observability.observability_url
- end
-
- def observability_url
- self.class.observability_url
- end
-
 def check_observability_allowed
- return render_404 unless observability_url.present?
+ return render_404 unless Gitlab::Observability.observability_url.present?
 render_404 unless can?(current_user, :read_observability, @group)
 end |
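Review bot: The `include ::Observability::ContentSecurityPolicy` line replaces an inline `frame-src` policy whose rationale was documented here, and the concern is not part of this diff (the diffstat is limited to app/controllers/groups). From this hunk alone it cannot be confirmed that the `next if p.directives.blank?` guard and the `frame-src` / `default-src` fallback are preserved. Because the policy widens `frame-src` with the observability URL and `'self'`, I would leave a pointer at the include once that is confirmed, for example `# Extends frame-src for the embedded observability UI; see Observability::ContentSecurityPolicy`. The removed comment about the sign-in redirect presumably moved into the concern; if it did not, it should be restored there. The class body continues past this hunk.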
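Review bot: Dropping the public class method `self.observability_url` and its instance wrapper is safe only if nothing else calls `Groups::ObservabilityController.observability_url`. This diff is limited to app/controllers/groups, so callers elsewhere (specs, helpers, other controllers) cannot be ruled out from here and are worth a search before merging. In `check_observability_allowed` both failure paths still answer with `render_404`, so an unset URL and a missing `:read_observability` permission stay indistinguishable to the client. If that is intentional, a short comment such as `# 404 for both "not configured" and "not permitted"` above the method would record it. The hunk starts inside the class, and whether these methods sit under `private` is not visible.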