Merge branch 'zoura-concern-subscriptions-controller' into 'master'

Use Zuora CSP Concern in Subscriptions Controller

See merge request gitlab-org/gitlab!91440

ee/app/controllers/subscriptions_controller.rb

@@ -5,6 +5,7 @@ class SubscriptionsController < ApplicationController
   SUCCESS_ADDON = 'Success: add-on'
   include InternalRedirect
   include OneTrustCSP
+  include ZuoraCSP
 
   layout 'minimal'
   skip_before_action :authenticate_user!, only: [:new]
@@ -18,23 +19,6 @@ class SubscriptionsController < ApplicationController
   feature_category :purchase
   urgency :low
 
-  content_security_policy do |p|
-    next if p.directives.blank?
-
-    default_script_src = p.directives['script-src'] || p.directives['default-src']
-    script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", 'https://*.zuora.com']
-
-    default_frame_src = p.directives['frame-src'] || p.directives['default-src']
-    frame_src_values = Array.wrap(default_frame_src) | ["'self'", 'https://*.zuora.com']
-
-    default_child_src = p.directives['child-src'] || p.directives['default-src']
-    child_src_values = Array.wrap(default_child_src) | ["'self'", 'https://*.zuora.com']
-
-    p.script_src(*script_src_values)
-    p.frame_src(*frame_src_values)
-    p.child_src(*child_src_values)
-  end
-
   def new
     if current_user
       @namespace =