Module: Gitlab::ContentSecurityPolicy::Directives

Defined in:

lib/gitlab/content_security_policy/directives.rb

Class Method Summary

• .connect_src ⇒ Object
• .frame_src ⇒ Object
• .script_src ⇒ Object
• .style_src ⇒ Object
• .worker_src ⇒ Object

Class Method Details

.connect_src ⇒ Object

# File 'lib/gitlab/content_security_policy/directives.rb', line 10

def self.connect_src
  "'self'"
end

.frame_src ⇒ Object

# File 'lib/gitlab/content_security_policy/directives.rb', line 14

def self.frame_src
  "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html"
end

.script_src ⇒ Object

# File 'lib/gitlab/content_security_policy/directives.rb', line 18

def self.script_src
  "'strict-dynamic' 'self' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net"
end

.style_src ⇒ Object

# File 'lib/gitlab/content_security_policy/directives.rb', line 22

def self.style_src
  "'self' 'unsafe-inline'"
end

.worker_src ⇒ Object

# File 'lib/gitlab/content_security_policy/directives.rb', line 26

def self.worker_src
  "'self' #{Gitlab::Utils.append_path(Gitlab.config.gitlab.url, 'assets/')} blob: data:"
end