Allow empty directives for the CSP
What does this MR do?
Related issues
No issues but this is blocking gitlab-com/gl-infra/k8s-workloads/gitlab-com!1613 (merged) and progress on gitlab-org&6363
There is a check that makes sure directives are set when the content security policy (CSP) is enabled, however the product now supports that config and generates a secure CSP automatically. We're deploying this configuration to staging and would eventually like this to be enabled by default for self-managed and even .com.
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated (Inspired by gitlab-org/omnibus-gitlab!5920 (merged)) -
Tests added -
Integration tests added to GitLab QA - [-] Equivalent MR/issue for omnibus-gitlab opened Omnibus already supports this config
Edited by Jason Plum