Update CSP for cloudflare

highemerly · Sep 23, 2023 · 598835d · 598835d
1 parent 81505f6
commit 598835d
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
@@ -16,7 +16,10 @@ def host_to_url(str)
 media_host ||= host_to_url(ENV['S3_HOSTNAME']) if ENV['S3_ENABLED'] == 'true'
 media_host ||= assets_host
 
-instance_ticker_host     = 'https://34.si'
+instance_ticker_host             = 'https://34.si'
+cloudflare_insights_script_host  = 'https://static.cloudflareinsights.com'
+cloudflare_insights_connect_host = 'https://cloudflareinsights.com'
+cloudflare_mirage_script_host    = 'https://ajax.cloudflare.com'
 
 Rails.application.config.content_security_policy do |p|
   p.base_uri        :none
@@ -38,8 +41,8 @@ def host_to_url(str)
     p.child_src   :self, :blob, assets_host
     p.worker_src  :self, :blob, assets_host
   else
-    p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
-    p.script_src  :self, assets_host, "'wasm-unsafe-eval'"
+    p.connect_src :self, :data, :blob, assets_host, media_host, cloudflare_insights_connect_host, Rails.configuration.x.streaming_api_base_url
+    p.script_src  :self, assets_host, cloudflare_insights_script_host, cloudflare_mirage_script_host, "'wasm-unsafe-eval'"
     p.child_src   :self, :blob, assets_host
     p.worker_src  :self, :blob, assets_host
   end