Sign-in page yields CSP errors
Description
The GitLab sign-in page (https://gitlab.com/users/sign_in) contains CSP errors when trying to access different resources:
Refused to connect to 'https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=1358030642.1693838702&url=https%3A%2F%2Fgitlab.com%2Fusers%2Fsign_in>m=45He38u0n71NJXWQL&auid=719227353.1693838675'
Refused to connect to 'https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-37019925-1&cid=830973242.1693838673&jid=1846356026&gjid=1052838234&_gid=436846026.1693838675&_u=QCCAgEABAAAAAGAEK~&z=1759771248'
Refused to frame 'https://insight.adsrvr.org/' because it violates the following Content Security Policy directive: "frame-src 'self'
These errors could indicate a problem in the setup we use on googleads or something else.
They also cause an immediate issue in our Sentry reporting as many of the errors get reported in Sentry, creating noise. Additionally, given so many of our users are engineers and curious, our users may see these errors and get a wrong impression of our quality (a papercut).
How to reproduce
- From a fresh browser (can be an incognito window)
- Visit https://gitlab.com/users/sign_in
- Open the development console of the browser