kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Fix the Sentry spam from CSP violations by disabling it.

Browse source
This commit is contained in:
Connor Shea 2016-07-19 22:24:27 -06:00
parent f2cd21e894
commit 38577d6825
No known key found for this signature in database
GPG key ID: E52237E5B35A83E6
1 changed files with 2 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
config/initializers/secure_headers.rb
View file

@ -4,14 +4,7 @@
require 'gitlab/current_settings'
include Gitlab::CurrentSettings
# If Sentry is enabled and the Rails app is running in production mode,
# this will construct the Report URI for Sentry.
if Rails.env.production? && current_application_settings.sentry_enabled
uri = URI.parse(current_application_settings.sentry_dsn)
CSP_REPORT_URI = "#{uri.scheme}://#{uri.host}/api#{uri.path}/csp-report/?sentry_key=#{uri.user}"
else
CSP_REPORT_URI = ''
end
CSP_REPORT_URI = ''
# Content Security Policy Headers
# For more information on CSP see:
@ -71,10 +64,7 @@ SecureHeaders::Configuration.default do |config|
upgrade_insecure_requests: true
}
# Reports are sent to Sentry if it's enabled.
if current_application_settings.sentry_enabled
config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
end
config.csp[:report_uri] = %W(#{CSP_REPORT_URI})
# Allow Bootstrap Linter in development mode.
if Rails.env.development?