From c5b779c1c6b62a1b011fd2ff4e3a57afe25d5f54 Mon Sep 17 00:00:00 2001 From: Dan Tovbein Date: Wed, 18 Dec 2024 06:17:21 -0300 Subject: [PATCH] PLANET-7675: Add vwo expection to CSP list (#2482) Ref: https://jira.greenpeace.org/browse/PLANET-7675 Add vwo expection to CSP list - Add it into the Content Security Policy list and used to run A/B testing with VWO - New p4 option variable --- src/HttpHeaders.php | 7 +++++++ src/Settings.php | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/src/HttpHeaders.php b/src/HttpHeaders.php index fd6df568ed..e1609b7909 100644 --- a/src/HttpHeaders.php +++ b/src/HttpHeaders.php @@ -43,6 +43,13 @@ public function send_content_security_policy_header(array $headers): array 'frame-ancestors ' . implode(' ', $allowed_frame_ancestors), ]; + // Add VWO exception to CSP list + $enable_vwo = planet4_get_option('enable_vwo') === 'on'; + if ($enable_vwo) { + // phpcs:disable Generic.Files.LineLength.MaxExceeded + $directives[0] = $directives[0] . ' blob: *.visualwebsiteoptimizer.com *visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io'; + } + $csp_header = implode('; ', $directives); $csp_header = preg_replace("/\r|\n/", '', $csp_header); diff --git a/src/Settings.php b/src/Settings.php index 24345f1712..9aec25b363 100644 --- a/src/Settings.php +++ b/src/Settings.php @@ -475,6 +475,15 @@ public function __construct() 'id' => 'about_us_page', 'type' => $is_new_ia ? 'about_us_page_dropdown' : 'hidden', ], + [ + 'name' => __('VWO A/B testing', 'planet4-master-theme-backend'), + 'desc' => __( + 'Adds a Content Security Policy exception for VWO.', + 'planet4-master-theme-backend' + ), + 'id' => 'enable_vwo', + 'type' => 'checkbox', + ], ], ], 'planet4_settings_features' => Features::get_options_page(),