Merge pull request #2144 from insectengine/CSP-AdobeAnalytics-secondfix

insectengine · web-flow · commit 8b40739cbd24 · 2024-10-24T14:44:57.000-05:00
update CSP with Deepak's changes
diff --git a/_includes/head-csp.html b/_includes/head-csp.html
@@ -1,24 +1,27 @@
 <meta http-equiv="Content-Security-Policy" content="
-  default-src https://dpm.demdex.net https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/ {{ site.search.host }}; 
+  connect-src 'self' https://dpm.demdex.net https://adobedc.demdex.net https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/ {{ site.search.host }} https://smetrics.redhat.com; 
   script-src 'self' 'unsafe-inline' 'unsafe-eval'
-        {{ search_script }} 
-        https://assets.adobedtm.com
-        js.bizographics.com
-        https://www.redhat.com
-        https://static.redhat.com
-        https://app.requestly.io/
-        jsonip.com 
-        https://ajax.googleapis.com
-        https://use.fontawesome.com
-        https://app.mailjet.com
-        http://www.youtube.com
-        http://www.googleadservices.com
-        https://googleads.g.doubleclick.net
-        https://giscus.app
-        https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/;
+      {{ search_script }}
+      https://assets.adobedtm.com
+      js.bizographics.com
+      https://www.redhat.com
+      https://static.redhat.com
+      https://app.requestly.io/
+      jsonip.com
+      https://ajax.googleapis.com
+      https://use.fontawesome.com
+      http://www.youtube.com
+      http://www.googleadservices.com
+      https://googleads.g.doubleclick.net
+      https://giscus.app
+      https://route-default-test-mscherer-matamo.apps.ospo-osci.z3b1.p1.openshiftapps.com/
+      https://app.mailjet.com;
 
   style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com; 
   img-src 'self' * data:; 
   media-src 'self'; 
-  frame-src https://redhat.demdex.net https://www.youtube.com https://embed.restream.io https://app.mailjet.com http://xy0p2.mjt.lu https://mj.quarkus.io https://giscus.app; base-uri 'none'; object-src 'none'; form-action 'none'; 
+  frame-src https://redhat.demdex.net https://www.youtube.com https://embed.restream.io https://app.mailjet.com http://xy0p2.mjt.lu https://mj.quarkus.io https://giscus.app; 
+  base-uri 'none'; 
+  object-src 'none'; 
+  form-action 'none'; 
   font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com;" />
