Fix environments tab is empty after upgrading to 16.1
What does this MR do and why?
This MR fixes an issue where on-premises users on GitLab 16.1 can't view anything on the Environment page.
It seems that the Content Security Policy `connect-src` is set even if `Settings.gitlab.content_security_policy` is disabled. (Here is an issue to enable it by default on all on-premises instances. It's not done yet.) This means only one `connect-src: <kas-url>` is set to the request headers. So essentially users are blocked from executing all requests except those to the `<kas-url>`. This is the reason why accessing `environments.json` was blocked. Reference. We must set `connect-src: self` at first and append the `connect-src: <kas-url>` later.
This MR fixes it by skipping the `connect-src: <kas-url>` setting when the CSP is disabled on the instance.
Screenshots or screen recordings
This can be reproduced on the GitLab review app by accessing the Project > Operate > Environment page.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
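The following is an added example, not part of the MR and not GitLab's own code: a simplified Ruby model of the behaviour described above, showing why a policy that contains only the KAS source blocks same-origin requests such as `environments.json`, and how skipping the directive when CSP is disabled avoids that. The origin, KAS URL, base policy, request path and all method names are constructed assumptions.

```ruby
require 'uri'

# Constructed values for illustration, not taken from the MR.
ORIGIN  = 'https://gitlab.example.com'
KAS_URL = 'wss://kas.example.com'
BASE    = { 'default-src' => ["'self'"], 'connect-src' => ["'self'"] }.freeze

# Model of the behaviour before the fix: the KAS source is appended
# whether or not an instance-wide policy exists.
def directives_before_fix(csp_enabled:, base: {})
  policy = csp_enabled ? base.transform_values(&:dup) : {}
  (policy['connect-src'] ||= []) << KAS_URL
  policy
end

# Model of the behaviour after the fix: when CSP is disabled the KAS
# source is skipped, so no policy is emitted at all.
def directives_after_fix(csp_enabled:, base: {})
  return {} unless csp_enabled
  policy = base.transform_values(&:dup)
  (policy['connect-src'] ||= []) << KAS_URL
  policy
end

def origin_of(url)
  u = URI.parse(url)
  "#{u.scheme}://#{u.host}:#{u.port}"
end

# Browser-side check, reduced to origin matching: connect-src falls back to
# default-src, and with neither directive present nothing is restricted.
def connect_allowed?(policy, url, page_origin: ORIGIN)
  sources = policy['connect-src'] || policy['default-src']
  return true if sources.nil?
  sources.any? do |src|
    allowed = src == "'self'" ? page_origin : src
    origin_of(url) == origin_of(allowed)
  end
end

# Serialises the directives the way they appear in the header value.
def header_value(policy)
  policy.map { |name, srcs| "#{name} #{srcs.join(' ')}" }.join('; ')
end
```
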