From 6297091022213bbf15381aecee48e3f0734fc1f8 Mon Sep 17 00:00:00 2001
From: Jonathan Bobel
Date: Wed, 13 Dec 2023 08:50:25 -0500
Subject: [PATCH] 1004 - Adding GA to connect-src
---
 app/__init__.py | 6 +++++-
 tests/app/main/views/test_headers.py | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/app/__init__.py b/app/__init__.py
index 0923b8a50..c8224e21e 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -153,7 +153,11 @@ def _csp(config):
 "https://www.google-analytics.com",
 "https://dap.digitalgov.gov",
 ],
- "connect-src": ["'self'", "https://gov-bam.nr-data.net"],
+ "connect-src": [
+ "'self'",
+ "https://gov-bam.nr-data.net",
+ "https://www.google-analytics.com",
+ ],
 "style-src": ["'self'", asset_domain],
 "img-src": ["'self'", asset_domain, logo_domain],
 }
diff --git a/tests/app/main/views/test_headers.py b/tests/app/main/views/test_headers.py
index fa6901617..211601d16 100644
--- a/tests/app/main/views/test_headers.py
+++ b/tests/app/main/views/test_headers.py
@@ -23,6 +23,10 @@ def test_owasp_useful_headers_set(
 r"gov 'nonce-.*';",
 csp,
 )
- assert search(r"connect-src 'self' https:\/\/gov-bam.nr-data\.net;", csp)
+ assert search(
+ r"connect-src 'self' https:\/\/gov-bam.nr-data\.net https:\/\/www\.google-analytics\."
+ r"com;",
+ csp,
+ )
 assert search(r"style-src 'self' static\.example\.com 'nonce-.*';", csp)
 assert search(r"img-src 'self' static\.example\.com static-logos\.test\.com", csp)
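Review bot: The `connect-src` list in `_csp` now permits fetch/XHR/beacon traffic to `https://www.google-analytics.com` unconditionally, and nothing in the code records why each origin is on the list. Because `connect-src` bounds where script running on the page may send data, every entry should carry a one-line justification so the allowlist can be audited later, for example `# GA collection endpoint for the analytics script allowed in the list above` on the new line and a matching comment on `https://gov-bam.nr-data.net`. If `config` exposes a switch for whether analytics is enabled, gating the new entry on it would keep the policy tighter where GA is off; that cannot be confirmed here because `_csp` starts and ends outside the hunk.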
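Review bot: The updated pattern in `test_owasp_useful_headers_set` still leaves the dot in `gov-bam.nr-data` unescaped and splits the new hostname across two raw strings at `google-analytics\.` / `com;`, so the assertion is looser than it reads and the origin cannot be found by grep. Keeping each origin whole and escaping every dot pins the exact header value: `r"connect-src 'self' https:\/\/gov-bam\.nr-data\.net "` followed by `r"https:\/\/www\.google-analytics\.com;",`. The test function begins and ends outside the hunk.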