RubyDoc.info: Module: Gitlab::ContentSecurityPolicy::Directives – Documentation for gitlabhq/gitlabhq (master)

.connect_src ⇒ `Object`



10
11
12

# File 'lib/gitlab/content_security_policy/directives.rb', line 10

def self.connect_src
  "'self'"
end

.frame_src ⇒ `Object`

# File 'lib/gitlab/content_security_policy/directives.rb', line 14

def self.frame_src
  base_urls = "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html"

  ENV['O11Y_URL'].present? ? "#{base_urls} #{ENV['O11Y_URL']}" : base_urls
end

.script_src ⇒ `Object`



20
21
22

# File 'lib/gitlab/content_security_policy/directives.rb', line 20

def self.script_src
  "'strict-dynamic' 'self' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net"
end

.style_src ⇒ `Object`



24
25
26

# File 'lib/gitlab/content_security_policy/directives.rb', line 24

def self.style_src
  "'self' 'unsafe-inline'"
end

.worker_src ⇒ `Object`



28
29
30

# File 'lib/gitlab/content_security_policy/directives.rb', line 28

def self.worker_src
  "'self' #{Gitlab::Utils.append_path(Gitlab.config.gitlab.url, 'assets/')} blob: data:"
end

Module: Gitlab::ContentSecurityPolicy::Directives

Class Method Summary collapse

Class Method Details

.connect_src ⇒ `Object`

.frame_src ⇒ `Object`

.script_src ⇒ `Object`

.style_src ⇒ `Object`

.worker_src ⇒ `Object`

Module: Gitlab::ContentSecurityPolicy::Directives

Class Method Summary collapse

Class Method Details

.connect_src ⇒ Object

.frame_src ⇒ Object

.script_src ⇒ Object

.style_src ⇒ Object

.worker_src ⇒ Object

.connect_src ⇒ `Object`

.frame_src ⇒ `Object`

.script_src ⇒ `Object`

.style_src ⇒ `Object`

.worker_src ⇒ `Object`