From 9fd3158be71968dc578a8a792352f9fdb83cca11 Mon Sep 17 00:00:00 2001
From: John Topley
Date: Tue, 4 Apr 2023 10:00:41 +0100
Subject: [PATCH] CSP tweaks
---
 webapp/app.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webapp/app.rb b/webapp/app.rb
index 8593597..a3e813f 100644
--- a/webapp/app.rb
+++ b/webapp/app.rb
@@ -58,7 +58,7 @@ def website_link(url)
 before do
 headers 'Cache-Control' => 'no-cache'
- headers 'Content-Security-Policy' => "default-src 'self'; img-src 'self' data: https://avatars.githubusercontent.com https://cdn.datatables.net; https://*.integrateddataservice.gov.uk; script-src 'unsafe-eval' 'self' https://ajax.googleapis.com https://cdn.datatables.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.datatables.net;"
+ headers 'Content-Security-Policy' => "default-src 'self'; img-src 'self' data: https://avatars.githubusercontent.com https://cdn.datatables.net; https://githubdev-explorer.integrateddataservice.gov.uk; script-src 'unsafe-eval' 'self' https://ajax.googleapis.com https://cdn.datatables.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.datatables.net;"
 headers 'Content-Type' => 'text/html; charset=utf-8'
 headers 'Permissions-Policy' => 'fullscreen=(self)'
 headers 'Referrer-Policy' => 'strict-origin-when-cross-origin'
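Review bot: The new Content-Security-Policy line still carries a stray `;` after `https://cdn.datatables.net` inside `img-src`, so the host this commit narrows to (`https://githubdev-explorer.integrateddataservice.gov.uk;`) is parsed as an unknown directive name rather than as an `img-src` source, and browsers drop it with an "unrecognized directive" console warning. Narrowing the wildcard to one host is the right direction, but as written that host is not actually allow-listed anywhere in the policy. If the host is meant for images, the directive should read `img-src 'self' data: https://avatars.githubusercontent.com https://cdn.datatables.net https://githubdev-explorer.integrateddataservice.gov.uk;`; if it was intended for a different directive (e.g. connect-src or frame-src), it needs to be placed under that directive instead — I cannot tell the intent from the hunk. Separately, `'unsafe-eval'` in `script-src` and `'unsafe-inline'` in `style-src` remain and largely undo the script/style protection of the policy; worth a follow-up with nonces or hashes. The `before` block's `end` lies outside the hunk.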