From 51a19a559bfb6e6fd4db69a8ac95857eca8616c6 Mon Sep 17 00:00:00 2001
From: Soufiane
Date: Fri, 14 Jul 2023 14:25:24 +0200
Subject: [PATCH] Define allowed scripts src-elem for CSP [SCI-8634] (#5771)

---
 config/initializers/content_security_policy.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 53707a5b4..087a331d7 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -12,6 +12,7 @@ ActiveSupport::Reloader.to_prepare do
     policy.img_src :self, :https, :data, :blob
     policy.object_src :none
     policy.script_src :self, :unsafe_eval
+    policy.script_src_elem :self, *Extends::EXTERNAL_SERVICES
     policy.style_src :self, :https, :unsafe_inline, :data
     policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES