From b72d939cabb05dca784b07efc39a86870490a408 Mon Sep 17 00:00:00 2001 From: plockwood Date: Tue, 16 Jul 2024 11:39:48 +0100 Subject: [PATCH] fix for ga script source --- .../Security/SecureHeadersDefinitions.cs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs index ffe8b9dfb..670146d8d 100644 --- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs +++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Security/SecureHeadersDefinitions.cs @@ -31,15 +31,18 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev) { builder.AddObjectSrc().None(); builder.AddBlockAllMixedContent(); - builder.AddImgSrc().Self().From("data:").From(GoogleAnalyticsUri) + builder.AddImgSrc().Self() + .From("data:") + .From(GoogleAnalyticsUri) .From(GoogleTagManagerUri); builder.AddFormAction().Self(); builder.AddFormAction().OverHttps(); builder.AddFontSrc().Self(); builder.AddStyleSrc().Self(); builder.AddBaseUri().Self(); - builder.AddScriptSrc().From(GoogleTagManagerUri).UnsafeInline().WithNonce(); - builder.AddScriptSrc().From(ApplicationInsightsUri).UnsafeInline().WithNonce(); + builder.AddScriptSrc() + .From(GoogleTagManagerUri) + .From(ApplicationInsightsUri).UnsafeInline().WithNonce(); builder.AddFrameAncestors().None(); }) .AddPermissionsPolicy(builder =>