Skip to content

Commit 7d8a163

Browse files
hanneolsenhanneolsen
committed
Legger til cdn.nav.no i CSP-whitelist, umami sitt sporingsscript ligger der
1 parent 86d75ac commit 7d8a163

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

Diff for: packages/familie-backend/src/headers.ts

+2-1
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,9 @@ const amplitude = 'https://amplitude.nav.no';
77
const sentry = 'https://sentry.gc.nav.no';
88
const navTelemetry = 'https://telemetry.nav.no';
99
const navTelemetryDev = 'https://telemetry.ekstern.dev.nav.no';
10+
const navCdn = 'https://cdn.nav.no';
1011

11-
const cspString = `default-src 'self' data: ${amplitude} ${sentry} ${navTelemetry} ${navTelemetryDev}; style-src 'self' ${styleSource} data: 'unsafe-inline'; font-src 'self' ${fontSource} ${navFontSource} data:; frame-src 'self' blob:;`;
12+
const cspString = `default-src 'self' data: ${amplitude} ${sentry} ${navTelemetry} ${navTelemetryDev} ${navCdn}; style-src 'self' ${styleSource} data: 'unsafe-inline'; font-src 'self' ${fontSource} ${navFontSource} data:; frame-src 'self' blob:;`;
1213

1314
const setup = (app: Express) => {
1415
app.disable('x-powered-by');

0 commit comments

Comments
 (0)