From 676b70b2bed527a2a63d08d82a017cee124f5040 Mon Sep 17 00:00:00 2001
From: Alasdair Smith
Date: Wed, 14 Apr 2021 10:03:14 +0100
Subject: [PATCH] Merge pull request #3899 from overleaf/ae-csp-report-sample Add 'report-sample' to script-src CSP directive
GitOrigin-RevId: 1a2c26339e7ef353a89fc264b0f186a1d313e1bc
---
 services/web/app/src/infrastructure/CSP.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/web/app/src/infrastructure/CSP.js b/services/web/app/src/infrastructure/CSP.js
index 171d45e52a..eac931700e 100644
--- a/services/web/app/src/infrastructure/CSP.js
+++ b/services/web/app/src/infrastructure/CSP.js
@@ -24,7 +24,7 @@ module.exports = function({
 res.locals.scriptNonce = scriptNonce
 const directives = [
- `script-src 'nonce-${scriptNonce}' 'unsafe-inline' 'strict-dynamic' https:`,
+ `script-src 'nonce-${scriptNonce}' 'unsafe-inline' 'strict-dynamic' https: 'report-sample'`,
 `object-src 'none'`,
 `base-uri 'none'`
 ]
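Review bot: The added `'report-sample'` keyword in the `script-src` entry of `directives` has no comment, yet it changes what leaves the browser: violation reports will now carry a `script-sample` field holding the first 40 characters of the blocked inline script or event handler. If any inline script on these pages embeds user data or tokens, that fragment reaches whatever collects the reports, so the collector and its logs should treat the field as potentially sensitive, untrusted input. The keyword only has an effect when a reporting directive is also emitted; none is visible in this hunk, and the enclosing function starts and ends outside it, so that should be confirmed there. I would add above the array: `// 'report-sample': violation reports include the first 40 chars of the blocked script; handle reports as sensitive, untrusted data`.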