Failed to load media resources from external object storage since CSP is enabled by default from 13.12

Summary

When using external object storage for storing uploads, some media resources (video/audio) fail to load correctly because CSP is enabled by default from 13.12. See #30720.

Steps to reproduce

  1. Set up external object storage, on a different domain from the GitLab instance, for storing uploads from users
  2. Upload a video to issue or MR comments
  3. The video cannot be loaded correctly, and the following error shows up in the console:

     ```
     2484:1 Refused to load media from '<my object storage>' because it violates the following Content Security Policy directive: "media-src 'self'".
     ```

Possible fixes

Add the object storage endpoint to media-src in the CSP headers.
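
The following is an added example, not GitLab's code and not part of the original report: a simplified model of how a browser evaluates `media-src` (falling back to `default-src`), showing why the upload is refused under `media-src 'self'` and allowed once the storage origin is listed. All hostnames are constructed placeholders, and ports and paths in source expressions are not modelled.

```javascript
// Simplified model of CSP source matching for media loads.
// Handles 'self', *, scheme sources and host sources (optional scheme, leading "*.").
// Ports and paths in source expressions are not modelled.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// An http source also matches an https URL (scheme upgrade).
const schemeOk = (scheme, protocol) =>
  protocol === scheme + ':' || (scheme === 'http' && protocol === 'https:');

function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === selfOrigin;
  if (s.startsWith("'")) return false; // 'none' and other keywords never match a URL
  if (s === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s.slice(0, -1), url.protocol);
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)$/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && !schemeOk(scheme, url.protocol)) return false;
  // "*.example.net" matches subdomains only, not example.net itself.
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

function mediaAllowed(header, mediaUrl, selfOrigin) {
  const directives = parseCsp(header);
  // media-src falls back to default-src; with neither present, media is unrestricted.
  const sources = directives.get('media-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(mediaUrl);
  return sources.some((src) => sourceMatches(src, url, selfOrigin));
}

// Constructed sample values (placeholders, not taken from the report).
const SELF = 'https://gitlab.example.com';
const VIDEO = 'https://uploads.storage.example.net/bucket/video.mp4';
const BEFORE = "default-src 'self'; media-src 'self'";
const AFTER = "default-src 'self'; media-src 'self' https://uploads.storage.example.net";

console.log('before:', mediaAllowed(BEFORE, VIDEO, SELF));
console.log('after: ', mediaAllowed(AFTER, VIDEO, SELF));
```

Listing the exact storage origin keeps the policy tighter than a scheme source such as `https:` or a bare `*`, both of which would also make the check pass.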