Allow OneTrust script in SAML group pages
What does this MR do and why?
Currently, the Cookie Preferences button in the SAML group pages is not displaying the cookie menu. This is caused by the following CORS problem:
Refused to connect to 'https://cdn.cookielaw.org/consent/7f944245-c5cd-4eed-a90e-dd955adfdd08/7f944245-c5cd-4eed-a90e-dd955adfdd08.json' because it violates the following Content Security Policy directive: "connect-src 'self' wss://gitlab.com https://sentry.gitlab.net https://new-sentry.gitlab.net https://collector.prd-278964.gl-product-analytics.com snowplow.trx.gitlab.net".
Adding the OneTrust content security policy header resolves the issue.
In addition, we set the preferred_language cookie so the language switcher doesn't crash.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screen_Recording_2024-01-23_at_18.34.39
How to set up and validate locally
To check the issue, open the web console in Chrome and go to https://gitlab.com/groups/gitlab-com/-/saml/sso
To see it working locally (like in the movie above), one needs to enable SAML.
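To show why the browser refused the request quoted in the description, and what adding the OneTrust host changes, the following is an added example (not code from this merge request or from GitLab): a simplified `connect-src` matcher run against the policy and URL from the error message. The source expression `https://cdn.cookielaw.org` used for the fix and all function names are assumptions.

```javascript
// Simplified CSP connect-src matcher (added example). It handles 'self',
// scheme://host, bare-host and "*." wildcard sources; ports, paths and the
// default-src fallback are not modelled.

// Policy copied from the console error quoted in the MR description.
const BLOCKING_POLICY =
  "connect-src 'self' wss://gitlab.com https://sentry.gitlab.net " +
  "https://new-sentry.gitlab.net " +
  "https://collector.prd-278964.gl-product-analytics.com snowplow.trx.gitlab.net";
// Assumed shape of the fix: the OneTrust CDN host appended to connect-src.
const FIXED_POLICY = BLOCKING_POLICY + " https://cdn.cookielaw.org";

const PAGE_ORIGIN = "https://gitlab.com";
const ONETRUST_REQUEST =
  "https://cdn.cookielaw.org/consent/7f944245-c5cd-4eed-a90e-dd955adfdd08/" +
  "7f944245-c5cd-4eed-a90e-dd955adfdd08.json";

// Return the source list of one directive, or null when it is absent.
function directiveSources(policy, name) {
  for (const part of policy.split(";")) {
    const [directive, ...sources] = part.trim().split(/\s+/);
    if (directive.toLowerCase() === name) return sources;
  }
  return null;
}

function hostMatches(pattern, host) {
  // "*.example.com" matches subdomains only, not example.com itself.
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceMatches(source, target, pageOrigin) {
  if (source === "'self'") return target.origin === pageOrigin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  // A source without a scheme is matched against the page's own scheme here.
  const scheme = (m[1] || new URL(pageOrigin).protocol.slice(0, -1)).toLowerCase();
  return target.protocol === scheme + ":" &&
    hostMatches(m[2].toLowerCase(), target.hostname);
}

// True when this policy lets the page connect (fetch/XHR/WebSocket) to `url`.
function connectAllowed(policy, url, pageOrigin = PAGE_ORIGIN) {
  const sources = directiveSources(policy, "connect-src");
  if (sources === null) return true; // no connect-src: treated as unrestricted
  const target = new URL(url);
  return sources.some((s) => sourceMatches(s, target, pageOrigin));
}
```

Listing the exact CDN host keeps the allowance narrow: with this matcher, `connectAllowed(FIXED_POLICY, ...)` still refuses any other third-party host.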
Merge request reports
Activity
assigned to @eduardosanz
changed milestone to %16.9
added bugux groupauthentication typebug labels
added devopsgovern sectionsec labels
@dblessing, I wonder if you could review (and maybe merge directly) this one line MR? Thanks!
requested review from @dblessing
- A deleted user
added backend label
2 Warnings
1eb83616: The commit body should not contain more than 72 characters per line. For more information, take a look at our Commit message guidelines.
You've made some app changes, but didn't add any tests. That's OK as long as you're refactoring existing code, but please consider adding any of the maintenancepipelines, maintenancerefactor, maintenanceworkflow, documentation, QA labels.
1 Message
CHANGELOG missing: If this merge request needs a changelog entry, add the Changelog trailer to the commit message you want to add to the changelog.
If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category | Reviewer | Maintainer
backend | @tigerwnz (UTC+8, 7 hours ahead of author) | @jessieay (UTC-8, 9 hours behind author)
Please check reviewer's status!
Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
Edited by Ghost User
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk: test report for 1eb83616
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Plan        | 4      | 0      | 0       | 0     | 4     | ✅     |
| Govern      | 65     | 0      | 1       | 0     | 66    | ✅     |
| Create      | 8      | 0      | 3       | 0     | 11    | ✅     |
| Data Stores | 2      | 0      | 0       | 0     | 2     | ✅     |
| Monitor     | 4      | 0      | 0       | 0     | 4     | ✅     |
| Package     | 0      | 0      | 1       | 0     | 1     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 83     | 0      | 5       | 0     | 88    | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
e2e-package-and-test: test report for 1eb83616
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 268    | 0      | 25      | 4     | 293   | ✅     |
| Create      | 144    | 0      | 24      | 2     | 168   | ✅     |
| Package     | 0      | 0      | 2       | 0     | 2     | ➖     |
| Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
| Data Stores | 4      | 0      | 0       | 0     | 4     | ✅     |
| Plan        | 8      | 0      | 0       | 0     | 8     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 432    | 0      | 51      | 6     | 483   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
Edited by Ghost User
- Resolved by Drew Blessing
@dblessing, thanks for approving this merge request.
This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break master, a new pipeline will be started shortly.
Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.
added pipeline:mr-approved label
enabled an automatic merge when all merge checks for 1eb83616 pass
mentioned in commit c80af3e4
added workflowstaging-canary label