Adding content_security_policy_with_context helper (!107600) · Merge requests · GitLab.org / GitLab

Daniele Rossetti requested to merge rossetd/adding_content_security_policy_with_context into master Dec 21, 2022

What does this MR do and why?

Initially added as part of !107242 (merged), I've extracted this out in its own MR.

content_security_policy_with_context makes the caller's context available to the invoked block, as this is currently not accessible from content_security_policy. It can be useful for instance for dynamically adding CSP rules depending on the context (group, user, etc)

This patch is already available in content_security_policy starting with Rails 7.2. https://github.com/rails/rails/pull/45115. We can remove this one whenever we upgrade.

All credits to @splattael

Screenshots or screen recordings

How to set up and validate locally

Run spec

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 22, 2022 by Daniele Rossetti

Adding content_security_policy_with_context helper

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports