Add more sources to the CSP based on sentry.io reports (#1763)

newamericafoundation · Apr 3, 2023 · f801d40 · f801d40
1 parent 9fb4f6e
commit f801d40
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/newamericadotorg/settings/base.py b/newamericadotorg/settings/base.py
@@ -279,7 +279,7 @@
 
 # Content Security Policy
 CSP_REPORT_ONLY = True
-CSP_DEFAULT_SRC = ("'self'",)
+CSP_DEFAULT_SRC = ("'self'", 'https://*.newamerica.org')
 CSP_SCRIPT_SRC = (
     "'self'",
     "'unsafe-eval'",  # Needed for funding disclosures JS
@@ -294,6 +294,8 @@
     'https://cdnjs.cloudflare.com',
     'load.sumo.com',
     'https://www.google-analytics.com',
+    'https://js-agent.newrelic.com',
+    'https://bam.nr-data.net',
 )
 CSP_STYLE_SRC = (
     "'self'",
@@ -309,13 +311,19 @@
     't.co',
     'https://www.google-analytics.com',
     'https://micro-cdn.sumo.com',
+    'https://analytics.twitter.com',
+    'https://www.googletagmanager.com',
+    'https://s3-us-west-2.amazonaws.com/na-data-projects'
 )
 CSP_FRAME_SRC = (
     "'self'",
     'datawrapper.dwcdn.net',
     'https://www.google.com',
     # Embeds
     'https://www.youtube.com',  # YouTube
+    'https://w.soundcloud.com',
+    'https://airtable.com',
+    'https://art19.com',
 )
 CSP_OBJECT_SRC = ("'self'")
 CSP_MEDIA_SRC = ("'self'")
@@ -328,6 +336,7 @@
     'https://sumo.com',
     'http://sumo.com',
     'https://bam-cell.nr-data.net',
+    'https://bam.nr-data.net',
 )
 CSP_FONT_SRC = (
     "'self'",