
Enable Google Syndication CSP on registration flow

What does this MR do and why?

The URLs https://www.google.com/pagead/landing and https://pagead2.googlesyndication.com/pagead/landing are being blocked by the CSP. @dennischarukulvanich validated that we expect those calls to go through "within the account signups and trial registrations flow". We need to add those URLs to the connect-src directive of the CSP on those pages.

In production, visit the sign-in page without being logged in and you can observe the blocked URLs in your browser's dev tools' network tab.

How to set up and validate locally

  • Set GITLAB_SIMULATE_SAAS=1 in your environment to make GDK act as SaaS, since this change only affects SaaS.
  • Add to config/gitlab.yml:
  extra:
    google_tag_manager_nonce_id: 'test'
    google_tag_manager_id: 'test'
  • Start or restart your GDK
  • Visit localhost:3000/users/sign_in
  • Use CSP evaluator to check the CSP for the page and verify that the Google Syndication policies are in place.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #417052 (closed)

Edited by Serhii Yarynovskyi
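
The validation step above can also be scripted. The following is an added example, not code from this merge request or from GitLab: it parses a `Content-Security-Policy` header value and reports which of the two URLs named in the description would still be blocked by `connect-src` (falling back to `default-src`). The function names, the `BEFORE`/`AFTER` headers and `cdn.example.com` are constructed for illustration; the page origin is taken from the local validation steps.

```javascript
// Added example: checks a CSP header against a reduced subset of CSP3 source matching.
// Not modelled: ports, http->https upgrades, redirects. Sample headers are constructed.
const REQUIRED = [
  'https://www.google.com/pagead/landing',
  'https://pagead2.googlesyndication.com/pagead/landing',
];

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none', nonces, hashes, other keywords
  if (source === '*') return /^https?:$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(?:\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ':' : new URL(pageOrigin).protocol;
  if (url.protocol !== scheme) return false;
  const host = m[2].toLowerCase();
  const hostOk = host === '*' || (host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) // "*.a.com" matches subdomains, not "a.com"
    : url.hostname === host);
  if (!hostOk) return false;
  const path = m[3];
  if (!path) return true;
  // A source path ending in "/" is a prefix; otherwise it must match exactly.
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function blockedUrls(header, pageOrigin, targets = REQUIRED) {
  const csp = parseCsp(header);
  const sources = csp.get('connect-src') ?? csp.get('default-src');
  if (!sources) return []; // no governing directive, so nothing is blocked
  return targets.filter((t) => !sources.some((s) => sourceMatches(s, new URL(t), pageOrigin)));
}

const ORIGIN = 'http://localhost:3000';
const BEFORE = "default-src 'self'; connect-src 'self' https://cdn.example.com";
const AFTER = `${BEFORE} ${REQUIRED.join(' ')}`;
console.log(blockedUrls(BEFORE, ORIGIN), blockedUrls(AFTER, ORIGIN));
```

Because the allowed sources carry a path without a trailing slash, only `/pagead/landing` itself is permitted on those hosts; other paths on `www.google.com` stay blocked.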
