Bugfix/ffs 940 csp (#83)

* Enabling new relic agent, adding newrelic_key env var to terraform config * add unsafe_inline csp rule
DSACMS · Jun 28, 2024 · 6a1ad2e · 6a1ad2e
1 parent ca8c75a
commit 6a1ad2e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/config/initializers/content_security_policy.rb b/app/config/initializers/content_security_policy.rb
@@ -12,7 +12,7 @@
     policy.frame_ancestors :none
     policy.img_src :self, :data, "https://*.cloudinary.com", "http://*.cloudinary.com", "https://www.google-analytics.com", "https://cdn.getpinwheel.com"
     policy.object_src :none
-    policy.script_src :self, "https://js-agent.newrelic.com", "https://*.nr-data.net", "https://dap.digitalgov.gov", "https://www.google-analytics.com", "https://cdn.getpinwheel.com"
+    policy.script_src :self, :unsafe_inline, "https://js-agent.newrelic.com", "https://*.nr-data.net", "https://dap.digitalgov.gov", "https://www.google-analytics.com", "https://cdn.getpinwheel.com"
     policy.connect_src :self, "https://get.geojs.io", "https://*.nr-data.net", "https://dap.digitalgov.gov", "https://www.google-analytics.com"
     policy.worker_src :self, "blob:"
     policy.frame_src :self, "https://cdn.getpinwheel.com"