Enable Google Syndication CSP on registration flow
What does this MR do and why?
The URLs https://www.google.com/pagead/landing and https://pagead2.googlesyndication.com/pagead/landing are being blocked by the CSP. @dennischarukulvanich validated that we expect those calls to go through "within the account signups and trial registrations flow". We need to add those URLs to the connect-src directive of the CSP on those pages.
In production visit the sign in page without being logged in and you can observe the blocked URLs in your browser's dev tools' network tab.
How to set up and validate locally
- Set GITLAB_SIMULATE_SAAS=1 in your environment to make GDK act as SaaS, since this change only affects SaaS.
- Add to config/gitlab.yml:
    extra:
      google_tag_manager_nonce_id: 'test'
      google_tag_manager_id: 'test'
- Start or restart your GDK
- Visit localhost:3000/users/sign_in
- Use CSP evaluator to check the CSP for the page and verify that the Google Syndication policies are in place:
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #417052 (closed)
Edited by Serhii Yarynovskyi
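The final validation step above can also be scripted against the Content-Security-Policy header value returned by the sign-in page. The Ruby sketch below is an added example, not code from this MR or from GitLab: the `BEFORE` and `AFTER` header values are constructed, the function names are hypothetical, and the matcher covers only a simplified subset of CSP source matching (host sources with optional scheme, `*.` wildcard, port and path).

```ruby
require 'uri'

# The two URLs the MR description reports as blocked by the CSP.
REQUIRED_URLS = %w[
  https://www.google.com/pagead/landing
  https://pagead2.googlesyndication.com/pagead/landing
].freeze

# Constructed sample header values (not captured from GitLab).
BEFORE = "default-src 'self'; connect-src 'self'"
AFTER  = "#{BEFORE} #{REQUIRED_URLS.join(' ')}; img-src *"

# Split a CSP header value into { directive => [sources] }; first occurrence wins.
def parse_csp(header)
  header.split(';').each_with_object({}) do |part, policy|
    name, *sources = part.strip.split(/\s+/)
    policy[name.downcase] ||= sources if name
  end
end

# Simplified host-source match: optional scheme, "*." host wildcard, optional
# port and path. Quoted keywords, nonces and hashes never match these URLs.
def source_allows?(source, url)
  uri = URI(url)
  return true if source == '*'
  return false if source.start_with?("'")
  return uri.scheme == source.chomp(':').downcase if source.match?(/\A[a-z][a-z0-9+.-]*:\z/i)
  m = source.match(%r{\A(?:([a-z][a-z0-9+.-]*)://)?([^/:]+)(?::(\d+|\*))?(/.*)?\z}i)
  return false unless m
  scheme, host, port, path = m.captures
  return false if scheme && scheme.downcase != uri.scheme
  return false if port && port != '*' && port.to_i != uri.port
  host_ok = host.start_with?('*.') ? uri.host.end_with?(host[1..]) : uri.host.casecmp?(host)
  # Per CSP path matching: a trailing "/" is a prefix match, otherwise exact.
  path_ok = path.nil? || (path.end_with?('/') ? uri.path.start_with?(path) : uri.path == path)
  host_ok && path_ok
end

# URLs from the list that the policy's connect-src (or default-src fallback) blocks.
def blocked_urls(header, urls = REQUIRED_URLS)
  policy = parse_csp(header)
  sources = policy['connect-src'] || policy['default-src']
  return [] unless sources # no governing directive means no restriction
  urls.reject { |url| sources.any? { |src| source_allows?(src, url) } }
end

puts "before: #{blocked_urls(BEFORE).inspect}"
puts "after:  #{blocked_urls(AFTER).inspect}"
```

A source written with a path and no trailing slash matches only that exact path, so listing `https://www.google.com/pagead/landing` does not open the rest of `www.google.com` to `connect-src`.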