From 3276db016f5e9d27f425c71dfef3f236d2bbbbc2 Mon Sep 17 00:00:00 2001
From: Pierre de La Morinerie <kemenaran@gmail.com>
Date: Tue, 15 Feb 2022 14:20:59 +0000
Subject: [PATCH] config: add Matomo to the `connect_src` Content Security
 Policy

Solves Matomo connections being blocked. Fix #6949
---
 config/initializers/content_security_policy.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 279b32ca9..b1182b386 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -28,6 +28,7 @@ Rails.application.config.content_security_policy do |policy|
   connect_whitelist << URI(API_ADRESSE_URL).host if API_ADRESSE_URL.present?
   connect_whitelist << URI(API_EDUCATION_URL).host if API_EDUCATION_URL.present?
   connect_whitelist << URI(API_GEO_URL).host if API_GEO_URL.present?
+  connect_whitelist << Rails.application.secrets.matomo[:host] if Rails.application.secrets.matomo[:enabled]
   policy.connect_src(:self, *connect_whitelist)
 
   # Pour tout le reste, par défaut on accepte uniquement ce qui vient de chez nous