Enable 'self' in Content-Security-Policy worker-src directive (!147472) · Merge requests · GitLab.org / GitLab · GitLab

Stan Hu requested to merge sh-csp-worker-self-src into master Mar 20, 2024

What does this MR do and why?

In GitLab development, Vite appears to load workers from the GitLab origin. Add 'self' to allow those requests.

This originally was discovered in !147366 (comment 1822665318).

How to set up and validate locally

Check out this branch.
With the Network inspector open, visit a project page.
Verify that the Content-Security-Policy header contains 'self' for worker-src.

Edited Mar 20, 2024 by Stan Hu