From e552a5cbf57689f78a915863a38a4f15a1349c11 Mon Sep 17 00:00:00 2001
From: Colin Darie <colin@darie.eu>
Date: Tue, 15 Oct 2024 16:23:23 +0200
Subject: [PATCH] fix(crisp): csp for crisp iframe help

---
 config/initializers/content_security_policy.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 9797185fd..4c841ec47 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -40,6 +40,7 @@ Rails.application.config.content_security_policy do |policy|
   frame_whitelist << URI(MATOMO_IFRAME_URL).host if Rails.application.secrets.matomo[:enabled]
   # allow pdf iframes in the PJ gallery
   frame_whitelist << URI(DS_PROXY_URL).host if DS_PROXY_URL.present?
+  frame_whitelist << "*.crisp.help" if Rails.application.secrets.crisp[:enabled]
   policy.frame_src(:self, *frame_whitelist)
 
   # Everything else: allow us