Allow embedding of GitLab snippets (#6217)

server/services/web.ts

@@ -24,9 +24,19 @@ import auth from "../routes/auth";
 
 // Construct scripts CSP based on services in use by this installation
 const defaultSrc = ["'self'"];
-const scriptSrc = ["'self'", "gist.github.com", "www.googletagmanager.com"];
+const scriptSrc = [
+  "'self'",
+  "gist.github.com",
+  "www.googletagmanager.com",
+  "gitlab.com",
+];
 
-const styleSrc = ["'self'", "'unsafe-inline'", "github.githubassets.com"];
+const styleSrc = [
+  "'self'",
+  "'unsafe-inline'",
+  "github.githubassets.com",
+  "gitlab.com",
+];
 
 if (env.isCloudHosted) {
   scriptSrc.push("cdn.zapier.com");