From 35234b2a8ed5df53770bef0c053a54449d042025 Mon Sep 17 00:00:00 2001
From: Malin J
Date: Tue, 16 Jan 2024 13:55:11 +0100
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Extract=20urls=20and=20mak?=
 =?UTF-8?q?e=20cookiebot=20url=20a=20wildcard=20#2058=20(#2059)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* ♻️ Extract urls and make cookiebot url a wildcard #2058
* ♻️ Remove unused filter and join #2058
---
 web/securityHeaders.js | 67 +++++++++++++++++++++++++++++++++---------
 1 file changed, 53 insertions(+), 14 deletions(-)

diff --git a/web/securityHeaders.js b/web/securityHeaders.js
index 51febf649..c91a80254 100644
--- a/web/securityHeaders.js
+++ b/web/securityHeaders.js
@@ -36,21 +36,60 @@ const iframeSrcs = [
 .filter((e) => e)
 .join(' ')
 
-const ContentSecurityPolicy = `
- default-src 'self' cdn.sanity.io cdn.equinor.com;
- style-src 'report-sample' 'self' 'unsafe-inline' ${edsCdnUrl} https://platform.twitter.com https://*.twimg.com;
- script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://siteimproveanalytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com;
- img-src 'self' data: ${edsCdnUrl} https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com;
- connect-src 'self' https://bcdn.screen9.com https://h61q9gi9.api.sanity.io https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu ${
- isProduction ? '' : 'ws:'
- };
- child-src blob:;
- frame-src 'self' ${iframeSrcs};
- frame-ancestors ${xFrameUrls};
- font-src 'self' ${edsCdnUrl} data:;
- media-src 'self' blob: https://bcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/;
+const blobSrcUrls = [
+ 'https://*.googletagmanager.com',
+ 'https://siteimproveanalytics.com',
+ 'https://*.cookiebot.com',
+ 'https://consentcdn.cookiebot.com',
+ 'https://platform.twitter.com',
+ 'https://cdn.syndication.twimg.com/',
+ 'https://www.youtube.com',
+]
 
- `
+const dataSrcUrls = [
+ edsCdnUrl,
+ 'https://cdn.sanity.io',
+ 'https://cdn.equinor.com',
+ 'https://*.siteimproveanalytics.io',
+ 'https://*.googletagmanager.com',
+ 'https://platform.twitter.com',
+ 'https://syndication.twitter.com',
+ 'https://*.twimg.com',
+ 'https://i.ytimg.com',
+]
+ .filter((e) => e)
+ .join(' ')
+
+const selfSrcUrls = [
+ 'cdn.sanity.io',
+ 'cdn.equinor.com',
+ 'https://bcdn.screen9.com',
+ 'https://h61q9gi9.api.sanity.io',
+ 'https://tools.eurolandir.com',
+ 'https://inferred.litix.io/',
+ 'https://*.algolia.net',
+ 'https://*.algolianet.com',
+ 'https://consentcdn.cookiebot.com',
+ 'https://eu-api.friendlycaptcha.eu',
+ isProduction ? '' : 'ws:',
+]
+ .filter((e) => e)
+ .join(' ')
+
+const ContentSecurityPolicy = `
+ default-src 'self' cdn.sanity.io cdn.equinor.com;
+ style-src 'report-sample' 'self' 'unsafe-inline' ${edsCdnUrl}
+ https://platform.twitter.com https://*.twimg.com;
+ script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: ${blobSrcUrls} ;
+ img-src 'self' data: ${dataSrcUrls} ;
+ connect-src 'self' ${selfSrcUrls} ;
+ child-src blob:;
+ frame-src 'self' ${iframeSrcs};
+ frame-ancestors ${xFrameUrls};
+ font-src 'self' ${edsCdnUrl} data:;
+ media-src 'self' blob: https://bcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/;
+
+ `
 
 export default [
 {
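Review bot: `blobSrcUrls` is interpolated into `script-src` as a bare array, so it stringifies with commas (`https://*.googletagmanager.com,https://siteimproveanalytics.com,…`) instead of spaces, and because CSP treats a comma as a policy separator the header becomes several policies in which only the first host survives in `script-src` — the cookiebot, siteimprove, twitter and youtube scripts this list is meant to allow would be blocked. The sibling lists keep `.filter((e) => e).join(' ')` for exactly this reason, so the `]` that closes `blobSrcUrls` should be `].join(' ')` (the filter can stay out since no entry there is conditional). With `https://*.cookiebot.com` in that list, the explicit `https://consentcdn.cookiebot.com` entry beside it is redundant, and the wildcard now trusts every cookiebot.com subdomain for script execution, which is worth a one-line comment stating why the broader match is needed. The names `blobSrcUrls`, `dataSrcUrls` and `selfSrcUrls` describe a scheme source rather than the directive they feed; `scriptSrcUrls`, `imgSrcUrls` and `connectSrcUrls` would make the template literal read correctly.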