966 - Added 2 urls to the CSP configuration + adjusted the test

2026-04-18 08:11:47 -04:00 · 2023-12-12 16:45:21 -05:00
parent ec14996525
commit 13ed67b18b
3 changed files with 9 additions and 9 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -150,6 +150,8 @@ def _csp(config):
            "https://js-agent.newrelic.com",
            "https://gov-bam.nr-data.net",
            "https://www.googletagmanager.com",
+            "https://www.google-analytics.com",
+            "https://dap.digitalgov.gov",
        ],
        "connect-src": ["'self'", "https://gov-bam.nr-data.net"],
        "style-src": ["'self'", asset_domain],
--- a/tests/app/main/views/test_headers.py
+++ b/tests/app/main/views/test_headers.py
@@ -18,7 +18,9 @@ def test_owasp_useful_headers_set(
    assert search(
        r"script-src 'self' static\.example\.com 'unsafe-eval' https:\/\/js-agent\.new"
        r"relic\.com https:\/\/gov-bam\.nr-data\.net https:\/\/www\.googletagmanager\."
-        r"com 'nonce-.*';",
+        r"com https:\/\/www\.google-analytics\."
+        r"com https:\/\/dap\.digitalgov\."
+        r"gov 'nonce-.*';",
        csp,
    )
    assert search(r"connect-src 'self' https:\/\/gov-bam.nr-data\.net;", csp)
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -775,15 +775,11 @@ def test_should_show_page_for_inviting_user(


 def test_should_not_show_page_for_inviting_user_without_permissions(
-    client_request,
-    mock_get_template_folders,
-    active_user_empty_permissions
+    client_request, mock_get_template_folders, active_user_empty_permissions
 ):
    client_request.login(active_user_empty_permissions)
    page = client_request.get(
-        "main.invite_user",
-        service_id=SERVICE_ONE_ID,
-        _expected_status=403
+        "main.invite_user", service_id=SERVICE_ONE_ID, _expected_status=403
    )

    assert "not allowed to see this page" in page.h1.string.strip()
@@ -815,7 +811,7 @@ def test_should_show_page_for_inviting_user_with_email_prefilled(
        user_id=fake_uuid,
        # We have the user’s name in the H1 but don’t want it duplicated
        # in the page title
-        _test_page_title=False
+        _test_page_title=False,
    )
    assert normalize_spaces(page.select_one("title").text).startswith(
        "Invite a team member"
@@ -830,7 +826,7 @@ def test_should_show_page_if_prefilled_user_is_already_a_team_member(
    mock_get_template_folders,
    fake_uuid,
    active_user_with_permissions,
-    active_caseworking_user
+    active_caseworking_user,
 ):
    client_request.login(active_user_with_permissions)
    mocker.patch(