Merge branch 'csp-sentry' into 'master'

Modify CSP when Sentry is configured

See merge request gitlab-org/gitlab!67791

lib/gitlab/content_security_policy/config_loader.rb

@@ -38,6 +38,7 @@ module Gitlab
         allow_webpack_dev_server(settings_hash) if Rails.env.development?
         allow_cdn(settings_hash, cdn_host) if cdn_host.present?
         allow_customersdot(settings_hash) if Rails.env.development? && ENV['CUSTOMER_PORTAL_URL'].present?
+        allow_sentry(settings_hash) if Gitlab.config.sentry&.enabled && Gitlab.config.sentry&.clientside_dsn
 
         settings_hash
       end
@@ -90,6 +91,14 @@ module Gitlab
 
         append_to_directive(settings_hash, 'frame_src', customersdot_host)
       end
+
+      def self.allow_sentry(settings_hash)
+        sentry_dsn = Gitlab.config.sentry.clientside_dsn
+        sentry_uri = URI(sentry_dsn)
+        sentry_uri.user = nil
+
+        append_to_directive(settings_hash, 'connect_src', sentry_uri.to_s)
+      end
     end
   end
 end

spec/lib/gitlab/content_security_policy/config_loader_spec.rb

@@ -61,6 +61,18 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
       end
     end
 
+    context 'when sentry is configured' do
+      before do
+        stub_sentry_settings
+      end
+
+      it 'adds sentry path to CSP without user' do
+        directives = settings['directives']
+
+        expect(directives['connect_src']).to eq("'self' dummy://example.com/43")
+      end
+    end
+
     context 'when CUSTOMER_PORTAL_URL is set' do
       before do
         stub_env('CUSTOMER_PORTAL_URL', 'https://customers.example.com')