Add Zuora Content Security Policy to GitLab.com
What does this MR do and why?
Describe in detail what your merge request does and why.
With this change, we aim to introduce an additional URL to the CSP to allow the Zuora (Hosted Payment Page) to load via iframe. This relates to #387497 (closed). Please see the discussion here for more info.
No behaviour should change (but the related bug should be fixed).
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
This requires both `gdk` and CustomersDot running (installation steps here).
- Set up the HPM in Zuora Api Sandbox, you have two ways:
  - create an HPM similar to this: https://apisandbox.zuora.com/apps/HostedPageLite.do?method=preview&id=8ad099157fd495bf017fdadbab7e6959 – for URL/host, use your `gdk` host
  - just use mine 😇 (but please, do not change the configuration) – it assumes you run `gdk` on `http://localhost:3000`
- copy the `id` of the page (mine is `8ad099157fd495bf017fdadbab7e6959`)
- go to `secrets.yml` in CustomersDot and use it for `zuora_payment_method_validation_page_id` in `development` settings (if not there, add it manually)
- (restart CustomersDot)
- go to the `gdk` rails console and type `Feature.enable(:ci_require_credit_card_on_free_plan)`
Then:
- Create a new account (or use an account which doesn't have a Credit Card added yet)
- Create a group and a project under the group
- Under the project, go to Settings > CI/CD -> Expand `Runners` section
- Toggle shared runners off and then on => An alert asking to validate the account should appear
- Click on Validate button
- You should see the Payment form to validate the Credit Card (see screenshot)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #387497 (closed)
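The effect of adding a frame source to a CSP can be checked offline. The following is an added example, not code from this MR or from GitLab: it evaluates whether a policy lets a page frame the Zuora hosted page, using the `frame-src` → `child-src` → `default-src` fallback. The two policies, the `https://*.zuora.com` source and all function names are constructed assumptions; the MR's actual CSP value is not shown on this page.

```ruby
require 'uri'

# Directive fallback order browsers apply to iframe loads.
FRAME_FALLBACK = %w[frame-src child-src default-src].freeze

# Constructed sample values (assumptions, not GitLab.com's real policy).
ORIGIN = 'https://gitlab.com'
HPP    = 'https://apisandbox.zuora.com/apps/HostedPageLite.do'
BEFORE = "default-src 'self'; frame-src 'self' https://www.google.com/recaptcha/"
AFTER  = "#{BEFORE} https://*.zuora.com"

# Parse a CSP header value into { directive => [source expressions] }.
def parse_csp(header)
  header.split(';').each_with_object({}) do |part, policy|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    policy[name.downcase] ||= sources # a repeated directive is ignored
  end
end

# Match one source expression against a URL.
# Simplified: ports and paths are ignored, and a source without a scheme
# is accepted for any scheme.
def source_matches?(source, url, self_origin)
  uri = URI.parse(url)
  host = uri.host.to_s.downcase
  case source
  when "'none'" then false
  when '*' then %w[http https].include?(uri.scheme)
  when "'self'" then "#{uri.scheme}://#{host}" == self_origin
  when /\A([a-z][a-z0-9+.-]*):\z/i then uri.scheme == $1.downcase
  else
    scheme, pattern = source.match(%r{\A(?:([a-z][a-z0-9+.-]*)://)?([^/:]+)}i)&.captures
    return false if pattern.nil? || (scheme && scheme.downcase != uri.scheme)
    pattern = pattern.downcase
    # "*.example.com" covers subdomains only, never "example.com" itself.
    pattern.start_with?('*.') ? host.end_with?(pattern[1..]) : host == pattern
  end
end

# True when the policy lets a page on self_origin frame the given URL.
def iframe_allowed?(header, url, self_origin)
  policy = parse_csp(header)
  directive = FRAME_FALLBACK.find { |d| policy.key?(d) }
  return true if directive.nil? # no governing directive: no restriction
  policy[directive].any? { |s| source_matches?(s, url, self_origin) }
end

puts "before: #{iframe_allowed?(BEFORE, HPP, ORIGIN)}, after: #{iframe_allowed?(AFTER, HPP, ORIGIN)}"
```

When reviewing a real policy, prefer the narrowest host that works over a wildcard, since every host matched by the source becomes frameable.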