Merge pull request #3899 from overleaf/ae-csp-report-sample

Add 'report-sample' to script-src CSP directive GitOrigin-RevId: 1a2c26339e7ef353a89fc264b0f186a1d313e1bc
2026-05-23 17:19:37 +02:00 · 2021-04-14 10:03:14 +01:00
parent c89beb7657
commit 676b70b2be
1 changed files with 1 additions and 1 deletions
--- a/services/web/app/src/infrastructure/CSP.js
+++ b/services/web/app/src/infrastructure/CSP.js
@@ -24,7 +24,7 @@ module.exports = function({
        res.locals.scriptNonce = scriptNonce

        const directives = [
-          `script-src 'nonce-${scriptNonce}' 'unsafe-inline' 'strict-dynamic' https:`,
+          `script-src 'nonce-${scriptNonce}' 'unsafe-inline' 'strict-dynamic' https: 'report-sample'`,
          `object-src 'none'`,
          `base-uri 'none'`
        ]