From daca37a96468a2b4a569914158ff0b55f5956fbd Mon Sep 17 00:00:00 2001
From: Lubos Zapotocny
Date: Wed, 2 Oct 2024 10:15:19 +0000
Subject: [PATCH] Add hotjar font CSP domain

---
 webapp/config/services.yaml | 1 +
 .../src/EventListener/AddContentSecurityPolicyListener.php | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/webapp/config/services.yaml b/webapp/config/services.yaml
index 53f969bd2b..45021d82ea 100644
--- a/webapp/config/services.yaml
+++ b/webapp/config/services.yaml
@@ -53,4 +53,5 @@ services:
 scriptSrc: "'self' 'unsafe-inline' https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com"
 imgSrc: "'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com"
 connectSrc: "'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com"
+ fontSrc: "'self' https://*.hotjar.com"
 frameAncestors: "'self'"
diff --git a/webapp/src/EventListener/AddContentSecurityPolicyListener.php b/webapp/src/EventListener/AddContentSecurityPolicyListener.php
index 36470b2104..43009fc251 100644
--- a/webapp/src/EventListener/AddContentSecurityPolicyListener.php
+++ b/webapp/src/EventListener/AddContentSecurityPolicyListener.php
@@ -24,6 +24,7 @@ public function __invoke(ResponseEvent $event): void
 $this->getScriptSrcCsp(),
 $this->getImageSrcCsp(),
 $this->getConnectSrcCsp(),
+ $this->getFontSrcScp(),
 $this->getFrameAncestorsCsp()
 ]);
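Review bot: The new `fontSrc` value allows only `https://*.hotjar.com`, while every other Hotjar entry in this block (`scriptSrc`, `imgSrc`, `connectSrc`) also lists `https://*.hotjar.io`; if the Hotjar widget loads any font from the `.io` host it will now be blocked, so please confirm against Hotjar's CSP guidance and, if needed, use `fontSrc: "'self' https://*.hotjar.com https://*.hotjar.io"`. Declaring `font-src` explicitly also means fonts stop falling back to whatever `default-src` (if one is configured — it is not visible in this hunk) permitted, so any first-party webfont served from a CDN or a `data:` URI has to be listed here as well. A one-line comment would record the intent for the next editor: `# font-src: fonts used by the Hotjar recording/heatmap UI; keep the host list in sync with the hotjar entries above`. Unrelated to this change but visible as context: `'unsafe-inline'` in `scriptSrc`, and the `wss://` entries in `scriptSrc`/`imgSrc` (which only have meaning under `connect-src`), are worth a follow-up tightening.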
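Review bot: The added call is spelled `getFontSrcScp()`, which breaks the `get<Directive>Csp()` naming that every sibling in this list follows (`getScriptSrcCsp`, `getImageSrcCsp`, `getConnectSrcCsp`, `getFrameAncestorsCsp`) and reads as a transposition of `Csp`. It works only because the definition further down the file uses the same spelling, but anyone grepping for `*Csp(` to audit which directives are emitted will miss it; I would rename both sides to `$this->getFontSrcCsp(),` here and `private function getFontSrcCsp(): string` at the definition. `__invoke` begins before and continues after this hunk, so the surrounding `implode`/header-set logic is not visible here.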
@@ -58,6 +59,11 @@ private function getConnectSrcCsp(): string
 return "connect-src " . $this->cspConfig['connectSrc'];
 }
+ private function getFontSrcScp(): string
+ {
+ return "font-src " . $this->cspConfig['fontSrc'];
+ }
+
 private function getFrameAncestorsCsp(): string
 {
 return "frame-ancestors " . $this->cspConfig['frameAncestors'];
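Review bot: `$this->cspConfig['fontSrc']` is read with no guard, so a deployment whose `services.yaml` (or an environment override of it) has not picked up the new `fontSrc` key would emit an "Undefined array key" warning and send `font-src ` with an empty source list, which browsers treat as `'none'` and which silently blocks every webfont on the site. The sibling getters share this pattern, but this method introduces a brand-new key and is therefore the one most likely to be absent in an older config, so either fall back or fail clearly: `return "font-src " . ($this->cspConfig['fontSrc'] ?? "'self'");` or `return "font-src " . ($this->cspConfig['fontSrc'] ?? throw new \LogicException('cspConfig.fontSrc is not set'));`. A short docblock, `/** Builds the font-src directive from cspConfig['fontSrc']; an empty value blocks all fonts. */`, would make that failure mode visible to the next maintainer. The enclosing class continues outside this hunk.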