From e5aa809a07ef786d4b9c87004b8d60a7a238ddf6 Mon Sep 17 00:00:00 2001
From: Jade Ellis
Date: Sun, 16 Jun 2024 18:40:02 +0100
Subject: [PATCH] Fix google analytics CSP again
---
 packages/website/csp.js | 107 ++++++++++++++++++++-------------------
 1 file changed, 54 insertions(+), 53 deletions(-)
diff --git a/packages/website/csp.js b/packages/website/csp.js
index 0bea28d1..a64eea7e 100644
--- a/packages/website/csp.js
+++ b/packages/website/csp.js
@@ -1,59 +1,60 @@
 const rootDomain = process.env.VITE_DOMAIN; // or your server IP for dev
 const cspDirectives = {
- 'base-uri': ["'self'"],
- 'child-src': ["'self'"],
- 'connect-src': ["'self'", "https://*.google-analytics.com"],
- // 'connect-src': ["'self'", 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
- 'img-src': ["'self'", 'data:'],
- 'font-src': ["'self'", 'data:'],
- 'form-action': ["'self'"],
- 'frame-ancestors': ["'self'"],
- 'frame-src': [
- "'self'",
- // "https://*.stripe.com",
- // "https://*.facebook.com",
- // "https://*.facebook.net",
- // 'https://hcaptcha.com',
- // 'https://*.hcaptcha.com',
- ],
- 'manifest-src': ["'self'"],
- 'media-src': ["'self'", 'data:'],
- 'object-src': ["'none'"],
- 'style-src': ["'self'", "'unsafe-inline'"],
- // 'style-src': ["'self'", "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
- 'default-src': [
- 'self',
- ...(rootDomain ? [rootDomain, `ws://${rootDomain}`] : []),
- // 'https://*.google.com',
- // 'https://*.googleapis.com',
- // 'https://*.firebase.com',
- // 'https://*.gstatic.com',
- // 'https://*.cloudfunctions.net',
- // 'https://*.algolia.net',
- // 'https://*.facebook.com',
- // 'https://*.facebook.net',
- // 'https://*.stripe.com',
- // 'https://*.sentry.io',
- ],
- 'script-src': [
- 'self',
- 'unsafe-inline', // chrome suggestion
- 'https://*.googletagmanager.com'
- // 'https://*.stripe.com',
- // 'https://*.facebook.com',
- // 'https://*.facebook.net',
- // 'https://hcaptcha.com',
- // 'https://*.hcaptcha.com',
- // 'https://*.sentry.io',
- // 'https://polyfill.io',
- ],
- 'worker-src': ["'self'"],
- // remove report-to & report-uri if you do not want to use Sentry reporting
-// 'report-to': ["'csp-endpoint'"],
-// 'report-uri': [
-// `https://sentry.io/api/${process.env.VITE_SENTRY_PROJECT_ID}/security/?sentry_key=${process.env.VITE_SENTRY_KEY}`,
-// ],
+ 'base-uri': ["'self'"],
+ 'child-src': ["'self'"],
+ 'connect-src': ["'self'", "https://*.google-analytics.com"],
+ // 'connect-src': ["'self'", 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
+ 'img-src': ["'self'", 'data:',
+ 'https://*.googletagmanager.com'],
+ 'font-src': ["'self'", 'data:'],
+ 'form-action': ["'self'"],
+ 'frame-ancestors': ["'self'"],
+ 'frame-src': [
+ "'self'",
+ // "https://*.stripe.com",
+ // "https://*.facebook.com",
+ // "https://*.facebook.net",
+ // 'https://hcaptcha.com',
+ // 'https://*.hcaptcha.com',
+ ],
+ 'manifest-src': ["'self'"],
+ 'media-src': ["'self'", 'data:'],
+ 'object-src': ["'none'"],
+ 'style-src': ["'self'", "'unsafe-inline'"],
+ // 'style-src': ["'self'", "'unsafe-inline'", 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
+ 'default-src': [
+ 'self',
+ ...(rootDomain ? [rootDomain, `ws://${rootDomain}`] : []),
+ // 'https://*.google.com',
+ // 'https://*.googleapis.com',
+ // 'https://*.firebase.com',
+ // 'https://*.gstatic.com',
+ // 'https://*.cloudfunctions.net',
+ // 'https://*.algolia.net',
+ // 'https://*.facebook.com',
+ // 'https://*.facebook.net',
+ // 'https://*.stripe.com',
+ // 'https://*.sentry.io',
+ ],
+ 'script-src': [
+ 'self',
+ 'unsafe-inline', // chrome suggestion
+ 'https://*.googletagmanager.com'
+ // 'https://*.stripe.com',
+ // 'https://*.facebook.com',
+ // 'https://*.facebook.net',
+ // 'https://hcaptcha.com',
+ // 'https://*.hcaptcha.com',
+ // 'https://*.sentry.io',
+ // 'https://polyfill.io',
+ ],
+ 'worker-src': ["'self'"],
+ // remove report-to & report-uri if you do not want to use Sentry reporting
+ // 'report-to': ["'csp-endpoint'"],
+ // 'report-uri': [
+ // `https://sentry.io/api/${process.env.VITE_SENTRY_PROJECT_ID}/security/?sentry_key=${process.env.VITE_SENTRY_KEY}`,
+ // ],
 };
 export default cspDirectives;
\ No newline at end of file