Make enabling content_security_policy configurable via gdk.yml (!2720) · Merge requests · GitLab.org / GitLab Development Kit · GitLab

Dennis Tang requested to merge dennis-configurable-content-security-policy into main Aug 17, 2022

What does this Merge Request do and why?

This MR adds the gitlab.rails.content_security_policy.enabled setting (enabled by default) along with accompanying gitlab/config/gitlab.yml template changes and assists with https://gitlab.com/gitlab-org/analytics-section/product-analytics/devkit#disable-cors.

Merge Request checklist

This change is backward compatible. If not, please include steps to communicate to our users.
Tests added for new functionality. If not, please raise Issue to follow-up.
Documentation added/updated, if needed.
gdk doctor test added, if needed.
Add the ~highlight label if this MR should be included in the CHANGELOG.md.

Edited Mar 01, 2023 by Ash McKenzie