fix: Add more hosts to connect-src directive (#693)

Hopefully this will make Google Analytics work properly, as it seems to be getting blocked by the browser due to CSP. [MAP-793]
ministryofjustice · Apr 16, 2024 · 39e395c · 39e395c
1 parent e11f55c
commit 39e395c
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/server/app.ts b/server/app.ts
@@ -80,7 +80,14 @@ export default function createApp(services: Services): Express {
   const styleSrc = ["'self'", 'code.jquery.com', (_req: Request, res: Response) => `'nonce-${res.locals.cspNonce}'`]
   const imgSrc = ["'self'", 'data:', 'www.googletagmanager.com', 'www.google-analytics.com', 'https://code.jquery.com']
   const fontSrc = ["'self'"]
-  const connectSrc = ["'self'", 'www.googletagmanager.com', 'www.google-analytics.com']
+  const connectSrc = [
+    "'self'",
+    'www.googletagmanager.com',
+    'www.google-analytics.com',
+    'region1.google-analytics.com',
+    'region1.analytics.google.com',
+    'stats.g.doubleclick.net',
+  ]
 
   if (config.apis.frontendComponents.url) {
     scriptSrc.push(config.apis.frontendComponents.url)