Commit 39dbde72 authored by David Björkheim's avatar David Björkheim
Browse files

DEICH-5395 Deichman.no: Update CSP with new directives for embedded content

parent c5c2c66e
......@@ -116,7 +116,8 @@ app
styleSrc: [
"'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net/npm/@digibib/"
"https://cdn.jsdelivr.net/npm/@digibib/",
"https://translate.googleapis.com/"
],
styleSrcElem: ["'self'", "https://cdn.jsdelivr.net/npm/@digibib/"],
scriptSrcElem: [
......@@ -132,7 +133,9 @@ app
"https://m.facebook.com",
"https://www.facebook.com",
"https://www.youtube.com/",
"https://www.youtube-nocookie.com"
"https://www.youtube-nocookie.com",
"https://w.soundcloud.com/",
"https://www.google.com/"
],
fontSrc: [
"'self'",
......@@ -143,18 +146,22 @@ app
"'self'",
"https://cdn.jsdelivr.net/npm/@digibib/",
"https://www.google-analytics.com/",
"https://stats.g.doubleclick.net/"
"https://stats.g.doubleclick.net/",
"https://translate.googleapis.com/translate_a/t"
],
mediaSrc: ["'self'", "https://static.deichman.no"],
imgSrc: [
"'self'",
"https://images.deichman.no/",
"https://static.deichman.no/",
"https://cdn.jsdelivr.net/npm/@digibib/",
"https://www.google.no/ads/",
"https://www.google.se/ads/",
"https://www.googletagmanager.com/",
"https://www.google-analytics.com/",
"https://www.google.com/ads/",
"https://stats.g.doubleclick.net/",
"https://www.gstatic.com/images/branding",
"https://www.facebook.com",
() => (dev ? "http://images.localhost" : "")
],
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment