From f865eed8f28a59a1e0441abd5602b1d710156b18 Mon Sep 17 00:00:00 2001
From: Fernando Blat
Date: Mon, 16 Sep 2024 21:21:37 +0200
Subject: [PATCH] Add CPS allowed sites
---
 config/initializers/decidim.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/config/initializers/decidim.rb b/config/initializers/decidim.rb
index ad40742..c19a72e 100644
--- a/config/initializers/decidim.rb
+++ b/config/initializers/decidim.rb
@@ -399,6 +399,17 @@
 class_identifier = resource.class.name.demodulize[0..3].upcase
 "#{class_identifier}-#{resource.id}"
 end
+
+ config.content_security_policies_extra = {
+ "default-src" => %w('self' 'unsafe-inline'),
+ "script-src" => %w('self' 'unsafe-inline' 'unsafe-eval' *.terrassa.cat),
+ "style-src" => %w('self' 'unsafe-inline'),
+ "img-src" => %w('self' *.hereapi.com data: *.amazonaws.com terrassa.cat *.terrassa.cat),
+ "font-src" => %w('self'),
+ "connect-src" => %w('self' *.hereapi.com *.jsdelivr.net *.amazonaws.com),
+ "frame-src" => %w('self' *.youtube.com www.youtube-nocookie.com player.vimeo.com *.google.com *.airtable.com),
+ "media-src" => %w('self')
+ }
 end
 
 Decidim::Verifications.register_workflow(:census_authorization_handler) do |auth|
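Review bot: The `*.amazonaws.com` wildcard in `img-src` and `connect-src` matches every AWS-hosted origin rather than only this site's storage, so any third-party bucket or endpoint becomes an allowed destination and the policy no longer limits where page data can be sent. Pin it to the exact host in use, e.g. `"connect-src" => %w('self' *.hereapi.com *.jsdelivr.net <bucket>.s3.<region>.amazonaws.com),` (placeholder host), and do the same in `img-src`; `*.google.com` in `frame-src` and `*.jsdelivr.net` in `connect-src` deserve the same narrowing. The `'self'`, `'unsafe-inline'` and `'unsafe-eval'` entries look like copies of Decidim's built-in defaults; if this setting is merged with them, as the `_extra` name suggests, list only the additional hosts so the initializer does not keep `'unsafe-eval'` in `script-src` should upstream tighten its default. The enclosing configure block begins above the hunk, so an earlier assignment of the same setting could not be checked from here.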