Merge pull request #17282 from github/support-ga-in-deprecated-versions

Fix CSP errors on older versions

Author: sarahs

middleware/csp.js

@@ -56,7 +56,9 @@ module.exports = async (req, res, next) => {
 
   // Exception for Algolia instantsearch in deprecated Enterprise docs (Node.js era)
   if (versionSatisfiesRange(requestedVersion, '<=2.19') && versionSatisfiesRange(requestedVersion, '>2.12')) {
-    csp.directives.scriptSrc.push("'unsafe-eval'")
+    csp.directives.scriptSrc.push("'unsafe-eval'", "'unsafe-inline'", 'http://www.google-analytics.com', 'https://ssl.google-analytics.com')
+    csp.directives.connectSrc.push('https://www.google-analytics.com')
+    csp.directives.imgSrc.push('http://www.google-analytics.com', 'https://ssl.google-analytics.com')
   }
 
   // Exception for search in deprecated Enterprise docs <=2.12 (static site era)

tests/routing/deprecated-enterprise-versions.js

@@ -169,6 +169,16 @@ describe('JS and CSS assets', () => {
     expect(result.get('Content-Type')).toBe('image/svg+xml; charset=utf-8')
   })
 
+  it('returns the expected node_modules', async () => {
+    const result = await supertest(app)
+      .get('/node_modules/algoliasearch/dist/algoliasearch.min.js')
+      .set('Referrer', '/en/enterprise/2.17')
+
+    expect(result.statusCode).toBe(200)
+    expect(result.get('x-is-archived')).toBe('true')
+    expect(result.get('Content-Type')).toBe('application/javascript; charset=utf-8')
+  })
+
   it('returns the expected favicon', async () => {
     const result = await supertest(app)
       .get('/assets/images/site/favicon.svg')
@@ -179,7 +189,7 @@ describe('JS and CSS assets', () => {
     expect(result.get('Content-Type')).toBe('image/svg+xml; charset=utf-8')
   })
 
-  it('returns the expected CSS file  ( <2.13 )', async () => {
+  it('returns the expected CSS file ( <2.13 )', async () => {
     const result = await supertest(app)
       .get('/assets/stylesheets/application.css')
       .set('Referrer', '/en/enterprise/2.12')