From: Tom Hughes <tom@compton.nu>
Date: Thu, 17 May 2018 10:29:06 +0000 (+0100)
Subject: Add piwik to allowed URIs in connect-src
X-Git-Tag: live~3056
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/68f7df96d681d83c04beb36a173bd056a0a248cb?hp=288207c736abea87e5c496184ae822e7420dbcdb

Add piwik to allowed URIs in connect-src
---

diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 696efc729..bb901e375 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -16,6 +16,7 @@ if defined?(CSP_REPORT_URL)
     :report_uri => [CSP_REPORT_URL]
   }
 
+  csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
   csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
   csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)
 else