Allow eu-assets.i.posthog.com

louischan-oursky · louischan-oursky · commit d012c5382589 · 2024-04-29T19:10:10.000+08:00
diff --git a/pkg/lib/web/csp.go b/pkg/lib/web/csp.go
@@ -158,6 +158,10 @@ var wwwgoogletagmanagercom = CSPHostSource{
 	Host: "www.googletagmanager.com",
 }
 
+var euassetsiposthogcom = CSPHostSource{
+	Host: "eu-assets.i.posthog.com",
+}
+
 var cdnjscloudflarecom = CSPHostSource{
 	Host: "cdnjs.cloudflare.com",
 }
@@ -202,10 +206,15 @@ func CSPDirectives(opts CSPDirectivesOptions) ([]string, error) {
 			},
 		}
 	}
-	scriptSrc = append(scriptSrc, wwwgoogletagmanagercom, CSPHostSource{
-		Scheme: "https",
-		Host:   "browser.sentry-cdn.com",
-	})
+	scriptSrc = append(
+		scriptSrc,
+		wwwgoogletagmanagercom,
+		euassetsiposthogcom,
+		CSPHostSource{
+			Scheme: "https",
+			Host:   "browser.sentry-cdn.com",
+		},
+	)
 	scriptSrc = append(scriptSrc, baseSrc...)
 	sort.Sort(scriptSrc)
 
diff --git a/pkg/portal/routes.go b/pkg/portal/routes.go
@@ -28,7 +28,7 @@ func NewRouter(p *deps.RootProvider) *httproute.Router {
 				// ES6 module assumes strict mode.
 				// regeneratorRuntime is not compatible with strict mode because
 				// it uses Function to generate function, which is considered as eval.
-				"script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net unpkg.com www.googletagmanager.com cdn.mxpnl.com eu.posthog.com cmp.osano.com",
+				"script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net unpkg.com www.googletagmanager.com cdn.mxpnl.com eu.posthog.com eu-assets.i.posthog.com cmp.osano.com",
 				// monaco editor create worker with blob:
 				"worker-src 'self' 'unsafe-inline' cdn.jsdelivr.net blob:",
 				"object-src 'none'",
