From ff44be527995acef655cd682b950a4fd1333c6e9 Mon Sep 17 00:00:00 2001
From: Steven Reilly
Date: Mon, 27 Nov 2023 16:16:27 -0500
Subject: [PATCH 1/2] add gtm to csp sources

---
 app/__init__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/__init__.py b/app/__init__.py
index 21f0c8e03..e28175aec 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -150,6 +150,7 @@ def _csp(config):
 "'unsafe-eval'",
 "https://js-agent.newrelic.com",
 "https://gov-bam.nr-data.net",
+ "https://www.googletagmanager.com",
 ],
 "connect-src": ["'self'", "https://gov-bam.nr-data.net"],
 "style-src": ["'self'", asset_domain],

From 911552b858a857f66b2bbcca493fb2d570765835 Mon Sep 17 00:00:00 2001
From: Steven Reilly
Date: Mon, 27 Nov 2023 16:26:22 -0500
Subject: [PATCH 2/2] update test instead of not updating test

---
 tests/app/main/views/test_headers.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/app/main/views/test_headers.py b/tests/app/main/views/test_headers.py
index 21591586d..de0cef7d2 100644
--- a/tests/app/main/views/test_headers.py
+++ b/tests/app/main/views/test_headers.py
@@ -17,7 +17,8 @@ def test_owasp_useful_headers_set(
 assert search(r"form-action 'self';", csp)
 assert search(
 r"script-src 'self' static\.example\.com 'unsafe-eval' https:\/\/js-agent\.new"
- r"relic\.com https:\/\/gov-bam\.nr-data\.net 'nonce-.*';",
+ r"relic\.com https:\/\/gov-bam\.nr-data\.net https:\/\/www\.googletagmanager\."
+ r"com 'nonce-.*';",
 csp,
 )
 assert search(r"connect-src 'self' https:\/\/gov-bam.nr-data\.net;", csp)
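Review bot: The added `"https://www.googletagmanager.com"` allowlists the entire origin for script execution, not just the one container this app loads, and it lands in a `script-src` that already carries `'unsafe-eval'`, so the widened trust boundary deserves an inline comment stating why it is accepted, e.g. `# Google Tag Manager loader; origin-wide allowance, container contents are trusted as first-party script`. A narrower host-source such as `"https://www.googletagmanager.com/gtm.js"` would limit the first-hop fetch to the loader path (CSP path matching is not preserved across redirects, so it only narrows, it does not close, the surface) and is worth considering. The second patch's test shows a `'nonce-...'` is already emitted in this directive; with a nonce present the host allowlist still applies, and any beacons or additional tags the container fires may need matching `connect-src`/`img-src` entries that this hunk does not add, which a report-only rollout would confirm. The enclosing `_csp` function begins before this hunk.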