Merge pull request #2308 from openstax/csp-dev

nathanstitt · web-flow · commit 961ba33b8a32 · 2021-04-26T10:21:44.000-05:00
add additional urls to allowed CSP in dev mode
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
@@ -14,8 +14,14 @@
 
 #   # Specify URI for violation reports
 #   # policy.report_uri "/csp-violation-report-endpoint"
-
-  policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
+  if Rails.env.development?
+    policy.connect_src :self, :https,
+      "http://localhost:2999/api/user",
+      "http://localhost:8000",
+      "http://localhost:3035",
+      "ws://localhost:3035",
+      "ws://localhost:8000"
+  end
 end
 
 # If you are using UJS then enable automatic nonce generation
