From 3c326547bd4335a476d74c661eb3e03411f9db45 Mon Sep 17 00:00:00 2001
From: Cristen Jones
Date: Fri, 10 Jan 2025 14:38:17 -0500
Subject: [PATCH] fix: assorted CSP issues (#2323)
* hotfix: add CDN to the CSP connect directives so that maplibre library can fetch and display these
* fix: add GTM URL to the CSP frame directive
* chore: removed unused blocked-by-CSP resource
* feat: add soundcloud to CSP frame directive
---
 lib/dotcom_web/plugs/secure_headers.ex | 3 +++
 lib/dotcom_web/templates/layout/root.html.eex | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/dotcom_web/plugs/secure_headers.ex b/lib/dotcom_web/plugs/secure_headers.ex
index 1f75c25c10..a705057de8 100644
--- a/lib/dotcom_web/plugs/secure_headers.ex
+++ b/lib/dotcom_web/plugs/secure_headers.ex
@@ -12,6 +12,7 @@ defmodule DotcomWeb.Plugs.SecureHeaders do
 *.googleapis.com
 *.s3.amazonaws.com
 analytics.google.com
+ cdn.mbta.com
 px.ads.linkedin.com
 stats.g.doubleclick.net
 www.google-analytics.com
@@ -28,7 +29,9 @@ defmodule DotcomWeb.Plugs.SecureHeaders do
 livestream.com
 www.youtube.com
 www.google.com
+ www.googletagmanager.com
 www.instagram.com
+ *.soundcloud.com
 ],
 img: ~w[
 img-src
diff --git a/lib/dotcom_web/templates/layout/root.html.eex b/lib/dotcom_web/templates/layout/root.html.eex
index cbd1103ce8..5b8e525634 100644
--- a/lib/dotcom_web/templates/layout/root.html.eex
+++ b/lib/dotcom_web/templates/layout/root.html.eex
@@ -27,7 +27,6 @@ " type="image/png"> " sizes="32x32" type="image/png"> " sizes="16x16" type="image/vnd.microsoft.icon"> - <%= if google_tag_manager_id() do %>
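Review bot: In the second secure_headers.ex hunk (`@@ -28,7 +29,9 @@`), `*.soundcloud.com` is the only wildcard among the visible entries of this list, which are otherwise exact hosts (`www.youtube.com`, `www.google.com`, `www.instagram.com`), so the policy now permits framing content from any SoundCloud subdomain rather than only the embed player. If the embedded player is the only use, it is normally served from `w.soundcloud.com`; prefer the exact entry `w.soundcloud.com` and widen it only if a CSP violation report shows another host is required. The opening of this `~w[` list is outside the hunk, so the directive it feeds is taken from the commit message ("frame directive") rather than from the visible lines.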