Allow OneTrust script in SAML group pages
What does this MR do and why?
Currently, the Cookie Preferences button in the SAML group pages is not displaying the cookie menu. This is caused by the following CORS problem:
Refused to connect to 'https://cdn.cookielaw.org/consent/7f944245-c5cd-4eed-a90e-dd955adfdd08/7f944245-c5cd-4eed-a90e-dd955adfdd08.json' because it violates the following Content Security Policy directive: "connect-src 'self' wss://gitlab.com https://sentry.gitlab.net https://new-sentry.gitlab.net https://collector.prd-278964.gl-product-analytics.com snowplow.trx.gitlab.net".
Adding the OneTrust content security policy header resolves the issue.
In addition, we set the preferred_language cookie so the language switcher doesn't crash.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screen_Recording_2024-01-23_at_18.34.39
How to set up and validate locally
To check the issue, open the web console in Chrome and go to https://gitlab.com/groups/gitlab-com/-/saml/sso
To see it working locally (like in the movie above), one needs to enable SAML.
Edited by Eduardo Sanz García
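
The violation quoted in the description can be reproduced offline by matching the blocked URL against the reported connect-src list. This is an added example, not code from the merge request or from GitLab: the matcher covers only a simplified subset of CSP source matching, and `ASSUMED_SOURCE` is an assumed form of the entry the fix adds.

```javascript
// Added example: simplified CSP source-list matching, not the browser's full algorithm.
// Handles 'self', scheme sources ("https:") and host sources with optional scheme,
// "*." wildcard, port and path; other quoted keywords never match a URL here.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };
const SECURE_UPGRADE = { 'http:': 'https:', 'ws:': 'wss:' };

// Values copied from the console error on the page.
const REPORTED_DIRECTIVE = "connect-src 'self' wss://gitlab.com https://sentry.gitlab.net " +
  'https://new-sentry.gitlab.net https://collector.prd-278964.gl-product-analytics.com ' +
  'snowplow.trx.gitlab.net';
const BLOCKED_URL = 'https://cdn.cookielaw.org/consent/7f944245-c5cd-4eed-a90e-dd955adfdd08/' +
  '7f944245-c5cd-4eed-a90e-dd955adfdd08.json';
const PAGE_ORIGIN = 'https://gitlab.com';            // origin of the SAML group page
const ASSUMED_SOURCE = 'https://cdn.cookielaw.org';  // assumption: entry added by the fix

const portOf = (u) => u.port || DEFAULT_PORTS[u.protocol] || '';
const schemeOk = (want, got) => got === want || SECURE_UPGRADE[want] === got;

function matchesSource(source, url, page) {
  if (source === "'self'") {
    return url.protocol === page.protocol && url.hostname === page.hostname &&
      portOf(url) === portOf(page);
  }
  if (source.startsWith("'")) return false;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return schemeOk(source.toLowerCase(), url.protocol);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port, path] = m;
  // A schemeless source inherits the scheme of the protected page.
  const wanted = scheme ? scheme.toLowerCase() + ':' : page.protocol;
  if (!schemeOk(wanted, url.protocol)) return false;
  const h = host.toLowerCase();
  if (wildcard ? !url.hostname.endsWith('.' + h) : url.hostname !== h) return false;
  if (port !== '*' && portOf(url) !== (port || DEFAULT_PORTS[url.protocol])) return false;
  if (!path || path === '/') return true;
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function isAllowed(directive, target, pageOrigin) {
  const [, ...sources] = directive.trim().split(/\s+/);
  const url = new URL(target);
  const page = new URL(pageOrigin);
  return sources.some((s) => matchesSource(s, url, page));
}

console.log('reported policy:', isAllowed(REPORTED_DIRECTIVE, BLOCKED_URL, PAGE_ORIGIN));
console.log('with added source:',
  isAllowed(`${REPORTED_DIRECTIVE} ${ASSUMED_SOURCE}`, BLOCKED_URL, PAGE_ORIGIN));
```

Running the same check against a staging or self-managed policy before deploy shows whether the consent script's fetches are covered without widening connect-src to a scheme-only source.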