WIP: Add CSP headers to GitLab

username-removed-386624 requested to merge cs-csp-take-two into master

This is essentially a rehash of !4770 (merged). This will cause pretty much the same problems we saw in the original implementation; the Report URL should be changed based on the decision we end up making in gitlab-com/infrastructure#1062 (closed).

TODO:

  • Make the report URI send to a secondary Sentry instance
  • Add an option in the Admin settings to toggle CSP (alternatively make it a config setting if an admin setting isn't possible)

Relevant issues: #18231 (moved), #27094 (moved)

cc: @briann
