1004 - Adding GA to connect-src

2026-05-27 09:29:22 -04:00 · 2023-12-13 08:50:25 -05:00
parent 42eca53f77
commit 6297091022
2 changed files with 10 additions and 2 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -153,7 +153,11 @@ def _csp(config):
            "https://www.google-analytics.com",
            "https://dap.digitalgov.gov",
        ],
-        "connect-src": ["'self'", "https://gov-bam.nr-data.net"],
+        "connect-src": [
+            "'self'",
+            "https://gov-bam.nr-data.net",
+            "https://www.google-analytics.com",
+        ],
        "style-src": ["'self'", asset_domain],
        "img-src": ["'self'", asset_domain, logo_domain],
    }
--- a/tests/app/main/views/test_headers.py
+++ b/tests/app/main/views/test_headers.py
@@ -23,6 +23,10 @@ def test_owasp_useful_headers_set(
        r"gov 'nonce-.*';",
        csp,
    )
-    assert search(r"connect-src 'self' https:\/\/gov-bam.nr-data\.net;", csp)
+    assert search(
+        r"connect-src 'self' https:\/\/gov-bam.nr-data\.net https:\/\/www\.google-analytics\."
+        r"com;",
+        csp,
+    )
    assert search(r"style-src 'self' static\.example\.com 'nonce-.*';", csp)
    assert search(r"img-src 'self' static\.example\.com static-logos\.test\.com", csp)