update csp

sarahs · sarahs · commit d0b89fb59313 · 2021-01-13T14:31:39.000-05:00
diff --git a/middleware/csp.js b/middleware/csp.js
@@ -58,7 +58,7 @@ module.exports = async (req, res, next) => {
   if (versionSatisfiesRange(requestedVersion, '<=2.19') && versionSatisfiesRange(requestedVersion, '>2.12')) {
     csp.directives.scriptSrc.push("'unsafe-eval'", "'unsafe-inline'", 'http://www.google-analytics.com', 'https://ssl.google-analytics.com')
     csp.directives.connectSrc.push('https://www.google-analytics.com')
-    csp.directives.imgSrc.push('http://www.google-analytics.com')
+    csp.directives.imgSrc.push('http://www.google-analytics.com', 'https://ssl.google-analytics.com')
   }
 
   // Exception for search in deprecated Enterprise docs <=2.12 (static site era)

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ module.exports = async (req, res, next) => {`
`58`	`58`	`if (versionSatisfiesRange(requestedVersion, '<=2.19') && versionSatisfiesRange(requestedVersion, '>2.12')) {`
`59`	`59`	`csp.directives.scriptSrc.push("'unsafe-eval'", "'unsafe-inline'", 'http://www.google-analytics.com', 'https://ssl.google-analytics.com')`
`60`	`60`	`csp.directives.connectSrc.push('https://www.google-analytics.com')`
`61`		`- csp.directives.imgSrc.push('http://www.google-analytics.com')`
	`61`	`+ csp.directives.imgSrc.push('http://www.google-analytics.com', 'https://ssl.google-analytics.com')`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`// Exception for search in deprecated Enterprise docs <=2.12 (static site era)`