Merge branch 'csp-sentry' into 'master'

Modify CSP when Sentry is configured See merge request gitlab-org/gitlab!67791

Merge branch 'csp-sentry' into 'master'
Modify CSP when Sentry is configured See merge request gitlab-org/gitlab!67791
d1422c4b · Dylan Griffith · 8e186283 · 1081915a · d1422c4b · d1422c4b
Commit d1422c4b authored Aug 12, 2021 by Dylan Griffith
2 changed files
--- a/lib/gitlab/content_security_policy/config_loader.rb
+++ b/lib/gitlab/content_security_policy/config_loader.rb
@@ -38,6 +38,7 @@ module Gitlab
        allow_webpack_dev_server(settings_hash) if Rails.env.development?
        allow_cdn(settings_hash, cdn_host) if cdn_host.present?
        allow_customersdot(settings_hash) if Rails.env.development? && ENV['CUSTOMER_PORTAL_URL'].present?
+        allow_sentry(settings_hash) if Gitlab.config.sentry&.enabled && Gitlab.config.sentry&.clientside_dsn

        settings_hash
      end
@@ -90,6 +91,14 @@ module Gitlab

        append_to_directive(settings_hash, 'frame_src', customersdot_host)
      end
+
+      def self.allow_sentry(settings_hash)
+        sentry_dsn = Gitlab.config.sentry.clientside_dsn
+        sentry_uri = URI(sentry_dsn)
+        sentry_uri.user = nil
+
+        append_to_directive(settings_hash, 'connect_src', sentry_uri.to_s)
+      end
    end
  end
 end
--- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -61,6 +61,18 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
      end
    end

+    context 'when sentry is configured' do
+      before do
+        stub_sentry_settings
+      end
+
+      it 'adds sentry path to CSP without user' do
+        directives = settings['directives']
+
+        expect(directives['connect_src']).to eq("'self' dummy://example.com/43")
+      end
+    end
+
    context 'when CUSTOMER_PORTAL_URL is set' do
      before do
        stub_env('CUSTOMER_PORTAL_URL', 'https://customers.example.com')