From 73685c771abd10bab47a65de691e0c754e44b40f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?= <ivarconr@gmail.com>
Date: Thu, 6 Jan 2022 21:08:16 +0100
Subject: [PATCH] fix: allow static assets from cdn.getunleash.io

---
 src/lib/middleware/secure-headers.ts | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/lib/middleware/secure-headers.ts b/src/lib/middleware/secure-headers.ts
index 096e2fb16ad..cd5102378b4 100644
--- a/src/lib/middleware/secure-headers.ts
+++ b/src/lib/middleware/secure-headers.ts
@@ -13,21 +13,28 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
             },
             contentSecurityPolicy: {
                 directives: {
-                    defaultSrc: ["'self'"],
+                    defaultSrc: ["'self'", 'cdn.getunleash.io'],
                     fontSrc: [
                         "'self'",
+                        'cdn.getunleash.io',
                         'fonts.googleapis.com',
                         'fonts.gstatic.com',
                     ],
                     styleSrc: [
                         "'self'",
                         "'unsafe-inline'",
+                        'cdn.getunleash.io',
                         'fonts.googleapis.com',
                         'fonts.gstatic.com',
                         'data:',
                     ],
-                    scriptSrc: ["'self'"],
-                    imgSrc: ["'self'", 'data:', 'gravatar.com'],
+                    scriptSrc: ["'self'", 'cdn.getunleash.io'],
+                    imgSrc: [
+                        "'self'",
+                        'data:',
+                        'cdn.getunleash.io',
+                        'gravatar.com',
+                    ],
                 },
             },
         });