
Fix environments tab is empty after upgrading to 16.1

Shinya Maeda requested to merge test-user-access-review-app into master

What does this MR do and why?

This MR fixes an issue where on-premises users on GitLab 16.1 can't view anything on the Environment page.

It seems that the Content Security Policy `connect-src` is set even if `Settings.gitlab.content_security_policy` is disabled. (Here is an issue to enable it by default on all on-premises instances. It's not done yet.)

This means only one `connect-src: <kas-url>` is set in the response headers. So essentially users are blocked from executing all requests except those to the `<kas-url>`. This is the reason why access to `environments.json` was blocked. Reference. We must set `connect-src: self` first and append the `connect-src: <kas-url>` later.

This MR fixes it by skipping the `connect-src: <kas-url>` setting when the CSP is disabled on the instance.

Screenshots or screen recordings

This can be reproduced on the GitLab review app. Accessing the Project > Operate > Environment page:

[Before / After screenshots: 2023-06-27_19-43, 2023-06-27_20-56_1, 2023-06-27_20-56]

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Shinya Maeda
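
The failure mode described in the merge request, as an added example that is not part of the MR or GitLab's code: a lone `connect-src <kas-url>` blocks same-origin requests such as `environments.json`, while skipping the directive when CSP is disabled does not. All helper names, URLs and the simplified source matching (only `'self'` and exact origins) are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helpers, not GitLab code. A policy is a Hash of directive
# name => array of source expressions; an empty Hash means no CSP header.

# Behaviour described as the bug: the KAS URL is added even when CSP is
# disabled, so the response carries a lone connect-src directive.
def add_kas_always(policy, kas_url)
  merged = policy.dup
  merged["connect-src"] = (merged["connect-src"] || []) + [kas_url]
  merged
end

# Behaviour described as the fix: leave the policy alone when CSP is disabled.
def add_kas_if_enabled(policy, kas_url, csp_enabled:)
  return policy unless csp_enabled
  merged = policy.dup
  # Browsers fall back from connect-src to default-src, so start from it.
  base = merged["connect-src"] || merged["default-src"] || ["'self'"]
  merged["connect-src"] = (base + [kas_url]).uniq
  merged
end

def origin(url)
  u = URI.parse(url)
  [u.scheme, u.host, u.port]
end

# Simplified browser-side check for fetch/XHR/WebSocket destinations.
def connect_allowed?(policy, page_url, request_url)
  sources = policy["connect-src"] || policy["default-src"]
  return true if sources.nil? # no applicable directive: nothing is blocked
  sources.any? do |src|
    allowed = src == "'self'" ? origin(page_url) : origin(src)
    allowed == origin(request_url)
  end
end

def header_value(policy)
  policy.map { |name, srcs| "#{name} #{srcs.join(' ')}" }.join("; ")
end

# Constructed sample values (not taken from the MR).
PAGE = "https://gitlab.example.test/group/project/-/environments"
JSON_REQ = "https://gitlab.example.test/group/project/-/environments.json"
KAS = "wss://kas.example.test"
```
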
