From 26e285c1995a390c00a88007e4a99dfdf6034038 Mon Sep 17 00:00:00 2001
From: Ryan Grundy <ryan.grundy@ons.gov.uk>
Date: Mon, 4 Nov 2024 12:41:48 +0000
Subject: [PATCH] Updated csp policies to match ga documentation

---
 rh_ui/security.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/rh_ui/security.py b/rh_ui/security.py
index 7761a3e..977968c 100644
--- a/rh_ui/security.py
+++ b/rh_ui/security.py
@@ -1,4 +1,5 @@
 from flask import Blueprint
+
 CSP = {
     'default-src': [
         "'self'",
@@ -17,12 +18,16 @@
     'connect-src': [
         "'self'",
         'https://cdn.ons.gov.uk',
-        'https://*.google-analytics.com/'
+        'https://*.google-analytics.com/',
+        "https://*.analytics.google.com",
+        "https://*.googletagmanager.com"
     ],
     'img-src': [
         "'self'",
         'data:',
-        'https://cdn.ons.gov.uk'
+        'https://cdn.ons.gov.uk',
+        "https://*.google-analytics.com",
+        "https://*.googletagmanager.com"
     ],
 }