Merge pull request #6966 from betagouv/fix-matomo-csp
Correction des requêtes Matomo bloquées par la Content Security Policy
This commit is contained in:
commit
0d67ca11a9
1 changed files with 5 additions and 0 deletions
|
@ -28,8 +28,13 @@ Rails.application.config.content_security_policy do |policy|
|
|||
connect_whitelist << URI(API_ADRESSE_URL).host if API_ADRESSE_URL.present?
|
||||
connect_whitelist << URI(API_EDUCATION_URL).host if API_EDUCATION_URL.present?
|
||||
connect_whitelist << URI(API_GEO_URL).host if API_GEO_URL.present?
|
||||
connect_whitelist << Rails.application.secrets.matomo[:host] if Rails.application.secrets.matomo[:enabled]
|
||||
policy.connect_src(:self, *connect_whitelist)
|
||||
|
||||
frame_whitelist = []
|
||||
frame_whitelist << URI(MATOMO_IFRAME_URL).host if Rails.application.secrets.matomo[:enabled]
|
||||
policy.frame_src(:self, *frame_whitelist)
|
||||
|
||||
# Pour tout le reste, par défaut on accepte uniquement ce qui vient de chez nous
|
||||
# et dans la notification on inclue la source de l'erreur
|
||||
default_whitelist = ["fonts.gstatic.com", "in-automate.sendinblue.com", "player.vimeo.com", "app.franceconnect.gouv.fr", "sentry.io", "*.crisp.chat", "crisp.chat", "*.crisp.help", "*.sibautomation.com", "sibautomation.com", "data"]
|
||||
|
|
Loading…
Reference in a new issue