darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-06 03:13:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #946 from GSA/stvnrlly/gtm-script-src

Browse Source 
Add GTM to CSP sources
This commit is contained in:
Carlo Costino
2023-11-27 17:44:46 -05:00
committed by GitHub
parent 74ace43668 911552b858
commit 479e455ab1
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/__init__.py
View File

@@ -150,6 +150,7 @@ def _csp(config):
"'unsafe-eval'",
"https://js-agent.newrelic.com",
"https://gov-bam.nr-data.net",
"https://www.googletagmanager.com",
],
"connect-src": ["'self'", "https://gov-bam.nr-data.net"],
"style-src": ["'self'", asset_domain],

3
tests/app/main/views/test_headers.py
View File

@@ -17,7 +17,8 @@ def test_owasp_useful_headers_set(
assert search(r"form-action 'self';", csp)
assert search(
r"script-src 'self' static\.example\.com 'unsafe-eval' https:\/\/js-agent\.new"
r"relic\.com https:\/\/gov-bam\.nr-data\.net 'nonce-.*';",
r"relic\.com https:\/\/gov-bam\.nr-data\.net https:\/\/www\.googletagmanager\."
r"com 'nonce-.*';",
csp,
)
assert search(r"connect-src 'self' https:\/\/gov-bam.nr-data\.net;", csp)