Merge pull request #1001 from DFE-Digital/hotfix/app-insights-sdk-csp
Add App Insights SDK to CSP script-src
DrizzlyOwl authored Jan 29, 2025
2 parents 1b6bfdb + 6314050 commit 349237a
Showing 1 changed file with 5 additions and 2 deletions.
Expand Up @@ -6,6 +6,7 @@ public static class SecurityHeadersDefinitions
{
static string GoogleTagManagerUri => "https://www.googletagmanager.com";
static string GoogleAnalyticsUri => "https://www.google-analytics.com/";
static string ApplicationInsightsUri => "https://js.monitor.azure.com/";

public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
{
Expand Down Expand Up @@ -39,8 +40,10 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
builder.AddFontSrc().Self();
builder.AddStyleSrc().Self();
builder.AddBaseUri().Self();
builder.AddScriptSrc().From(GoogleTagManagerUri).UnsafeInline().WithNonce();
builder.AddFrameAncestors().None();
builder.AddScriptSrc()
.From(GoogleTagManagerUri).From(ApplicationInsightsUri)
.UnsafeInline().WithNonce();
builder.AddFrameAncestors().None();
})
.RemoveServerHeader()
.AddPermissionsPolicy(builder =>
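Review bot: The new `.From(ApplicationInsightsUri)` entry allow-lists the entire shared host `https://js.monitor.azure.com/` in script-src, so every script that host serves passes the policy, not only the SDK build this site references. Consider narrowing the constant to the path prefix of the SDK file the layout actually loads, and adding a comment such as `// App Insights JS SDK; allow-listed for script-src only, keep as narrow as the loader permits`. The carried-over `.UnsafeInline()` next to `.WithNonce()` is ignored by nonce-aware browsers and only loosens the policy for older ones, which deserves a one-line comment saying it is a deliberate fallback. The SDK also sends telemetry to an ingestion endpoint; no connect-src directive is visible in this hunk, so confirm that directive permits it if one is set elsewhere. `GetHeaderPolicyCollection` begins and ends outside the lines shown.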