DIGG-456: Updating CSP rules

diggsweden · Oct 18, 2024 · 13cc209 · 13cc209
1 parent 2ca50ef
commit 13cc209
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/utilities/generateCsp.ts b/utilities/generateCsp.ts
@@ -55,7 +55,7 @@ const generateCSP = ({ nonce }: generateCSPProps = {}) => {
     "font-src",
     `'self' data: https://static.entryscape.com https://static.cdn.entryscape.com`,
   );
-  add("base-uri", `'self' https://webbanalys-dashboard.digg.se/`);
+  add("base-uri", `'self'  https://webbanalys-dashboard.digg.se`);
   add("manifest-src", `'self'`);
   add("form-action", `'self'`);
   add(
@@ -79,9 +79,13 @@ const generateCSP = ({ nonce }: generateCSPProps = {}) => {
   add("style-src-attr", `'self' 'unsafe-inline'`);
   add(
     "connect-src",
-    `'self' https://* http://127.0.0.1:1300/ https://admin.dataportal.se https://editera.dataportal.se https://webbanalys.digg.se ${
+    `'self' https://* http://127.0.0.1:1300/ ${
       reactEnv("APOLLO_URL") || ""
-    } https://* webbanalys.digg.se webbanalys-dashboard.digg.se statsapi.screen9.com`,
+    } https://* webbanalys.digg.se webbanalys-dashboard.digg.se statsapi.screen9.com https://admin.dataportal.se https://editera.dataportal.se https://webbanalys.digg.se`,
+  );
+  add(
+    "script-src",
+    `'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://webbanalys-dashboard.digg.se/js/container_hV6fNi9j_preview.js https://webbanalys.digg.se/js/container_hV6fNi9j.js`,
   );
 
   // Return the object in a formatted value