Revert "♻️ Extract urls and make cookiebot url a wildcard #2058" (#2060)

equinor · Jan 16, 2024 · 539b41a · 539b41a
1 parent 35234b2
commit 539b41a
Showing 1 changed file with 14 additions and 53 deletions.
diff --git a/web/securityHeaders.js b/web/securityHeaders.js
@@ -36,60 +36,21 @@ const iframeSrcs = [
   .filter((e) => e)
   .join(' ')
 
-const blobSrcUrls = [
-  'https://*.googletagmanager.com',
-  'https://siteimproveanalytics.com',
-  'https://*.cookiebot.com',
-  'https://consentcdn.cookiebot.com',
-  'https://platform.twitter.com',
-  'https://cdn.syndication.twimg.com/',
-  'https://www.youtube.com',
-]
-
-const dataSrcUrls = [
-  edsCdnUrl,
-  'https://cdn.sanity.io',
-  'https://cdn.equinor.com',
-  'https://*.siteimproveanalytics.io',
-  'https://*.googletagmanager.com',
-  'https://platform.twitter.com',
-  'https://syndication.twitter.com',
-  'https://*.twimg.com',
-  'https://i.ytimg.com',
-]
-  .filter((e) => e)
-  .join(' ')
-
-const selfSrcUrls = [
-  'cdn.sanity.io',
-  'cdn.equinor.com',
-  'https://bcdn.screen9.com',
-  'https://h61q9gi9.api.sanity.io',
-  'https://tools.eurolandir.com',
-  'https://inferred.litix.io/',
-  'https://*.algolia.net',
-  'https://*.algolianet.com',
-  'https://consentcdn.cookiebot.com',
-  'https://eu-api.friendlycaptcha.eu',
-  isProduction ? '' : 'ws:',
-]
-  .filter((e) => e)
-  .join(' ')
-
 const ContentSecurityPolicy = `
-     default-src 'self' cdn.sanity.io cdn.equinor.com;
-     style-src 'report-sample' 'self' 'unsafe-inline' ${edsCdnUrl} 
-        https://platform.twitter.com https://*.twimg.com;
-     script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: ${blobSrcUrls} ;
-     img-src 'self' data: ${dataSrcUrls} ;
-     connect-src 'self' ${selfSrcUrls} ;
-     child-src  blob:;
-     frame-src 'self' ${iframeSrcs};
-     frame-ancestors ${xFrameUrls};
-     font-src 'self' ${edsCdnUrl} data:;
-     media-src 'self' blob: https://bcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/;
-   
-     `
+   default-src 'self' cdn.sanity.io cdn.equinor.com;
+   style-src 'report-sample' 'self' 'unsafe-inline' ${edsCdnUrl} https://platform.twitter.com https://*.twimg.com;
+   script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com  https://siteimproveanalytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com;
+   img-src 'self' data: ${edsCdnUrl} https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com;
+   connect-src 'self' https://bcdn.screen9.com https://h61q9gi9.api.sanity.io https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu ${
+     isProduction ? '' : 'ws:'
+   };
+   child-src  blob:;
+   frame-src 'self' ${iframeSrcs};
+   frame-ancestors ${xFrameUrls};
+   font-src 'self' ${edsCdnUrl} data:;
+   media-src 'self' blob: https://bcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/;
+
+ `
 
 export default [
   {