
Commit

fix: update CSP to allow Google Tag Manager when needed
G-Rath committed Jul 28, 2023
1 parent 2e3e6b1 commit 0fa4cf8
Showing 1 changed file with 11 additions and 4 deletions.
Expand Up @@ -11,9 +11,13 @@
#
policy.default_src :self
policy.font_src :self
policy.img_src :self
policy.img_src :self, *[
("*.googletagmanager.com" if Rails.application.config.google_analytics_id)
].compact
policy.object_src :none
policy.script_src :self
policy.script_src :self, *[
("*.googletagmanager.com" if Rails.application.config.google_analytics_id)
].compact
policy.style_src :self

# Allow inline-styles
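
Review bot: in the `policy.script_src` line, `*.googletagmanager.com` allowlists every subdomain of that host as a script source, which is wider than a single loader needs. If the site only fetches the tag from `www.googletagmanager.com`, name that host explicitly with an `https://` scheme and keep the wildcard out of `script_src`, where an over-broad entry costs the most. The same conditional entry is also repeated verbatim in `img_src` and `script_src`; a local variable holding the optional source would keep the directives from drifting apart.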
Expand Down Expand Up @@ -90,8 +94,11 @@
# * We want to minimize differences in the CSP header between environments so
# that we can find and fix CSP issues in development but enabling the
# webpack-dev-server to communicate over websockets is an exception.
#
policy.connect_src :self, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
policy.connect_src :self, *[
("*.googletagmanager.com" if Rails.application.config.google_analytics_id),
("http://localhost:3035" if Rails.env.development?),
("ws://localhost:3035" if Rails.env.development?)
].compact

# Enable CSP reporting
# ####################
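
Review bot: the `if Rails.application.config.google_analytics_id` guard in the `connect_src` list (and in the two directives changed earlier) is a plain truthiness check, and an empty string is truthy in Ruby, so an ID configured as `""` would still add `*.googletagmanager.com` to the policy. Use `.present?` on the setting so the CSP is only relaxed when an ID is actually set. The comment block above `connect_src` also still describes webpack-dev-server as the only exception; it should mention the Tag Manager source, and that `connect_src` is now emitted in every environment rather than only in development.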

0 comments on commit 0fa4cf8
