From 0b1ac24cddf15acb99eba9b11d4cb888b5fcc9f7 Mon Sep 17 00:00:00 2001
From: Jade Ellis <jade@ellis.link>
Date: Sun, 16 Jun 2024 18:08:52 +0100
Subject: [PATCH] Fix analytics CSP

---
 packages/website/csp.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/packages/website/csp.js b/packages/website/csp.js
index 76a87ea2..0bea28d1 100644
--- a/packages/website/csp.js
+++ b/packages/website/csp.js
@@ -3,7 +3,7 @@ const rootDomain = process.env.VITE_DOMAIN; // or your server IP for dev
 const cspDirectives = {
   'base-uri': ["'self'"],
   'child-src': ["'self'"],
-  'connect-src': ["'self'"],
+  'connect-src': ["'self'", "https://*.google-analytics.com"],
   // 'connect-src': ["'self'", 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
   'img-src': ["'self'", 'data:'],
   'font-src': ["'self'", 'data:'],
@@ -38,7 +38,8 @@ const cspDirectives = {
   ],
   'script-src': [
     'self',
-    'unsafe-inline' // chrome suggestion
+    'unsafe-inline', // chrome suggestion
+    'https://*.googletagmanager.com'
     // 'https://*.stripe.com',
     // 'https://*.facebook.com',
     // 'https://*.facebook.net',