26 lines
871 B
Ruby
26 lines
871 B
Ruby
# frozen_string_literal: true
|
|
|
|
# This module is used to return various SaaS related
|
|
# ContentSecurityPolicy Directives src which may be
|
|
# overridden in other variants of GitLab
|
|
|
|
module Gitlab
|
|
module ContentSecurityPolicy
|
|
module Directives
|
|
def self.connect_src
|
|
"'self'"
|
|
end
|
|
|
|
def self.frame_src
|
|
"https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://www.googletagmanager.com/ns.html"
|
|
end
|
|
|
|
def self.script_src
|
|
"'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com"
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
Gitlab::ContentSecurityPolicy::Directives.prepend_mod
|