GitLab.com for Jira app self-managed - add more instance paths to CSP (!96707) · Merge requests · GitLab.org / GitLab

Andy Schoenen requested to merge andysoiron/add-full-instance-url-to-content-security-policy into master Aug 31, 2022

What does this MR do and why?

This is a part of the epic to make the GitLab for Jira app available for self-managed (&5650 (closed))

GitLab SaaS will act as a proxy for a self-managed instance and therefore will have to call a few endpoints. To allow this, they need to be added to the content security policy. We already did this with /-/jira_connect/oauth_application_id here.

In addition to this, we need to allow

/-/jira_connect/*
/api/*

Related issue: #372975 (closed)

How to set up and validate locally

The OAuth flow can be tested using this instructions. Testing the self-managed flow is behind the jira_connect_oauth_self_managed feature flag. It's currently not guaranteed that it can be tested because there is still work to do on frontend and backend. We will do an intensive manual QA once everything is done.

You can follow the ongoing work in the related epic: &5650 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 08, 2022 by Andy Schoenen

GitLab.com for Jira app self-managed - add more instance paths to CSP

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports