Merge pull request #6961 from topcoder-platform/PROD-4429

PROD-4429 Update CSP headers
topcoder-platform · Jan 26, 2024 · f731ea4 · f731ea4
2 parents ea8f71d + e9d01c1
commit f731ea4
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -358,6 +358,7 @@ workflows:
             branches:
               only:
                 - develop
+                - PROD-4429
       # This is alternate dev env for parallel testing
       # Deprecate this workflow due to beta env shutdown
       # https://topcoder.atlassian.net/browse/CORE-251

diff --git a/config/default.js b/config/default.js
@@ -478,4 +478,5 @@ module.exports = {
   MEMBER_SEARCH_REDIRECT_URL: 'https://talent-search.topcoder-dev.com',
   ACCOUNT_SETTINGS_REDIRECT_URL: 'https://account-settings.topcoder-dev.com',
   INNOVATION_CHALLENGES_TAG: 'Innovation Challenge',
+  PLATFORM_SITE_URL: 'https://platform.topcoder-dev.com',
 };
diff --git a/src/server/index.js b/src/server/index.js
@@ -152,15 +152,17 @@ async function onExpressJsSetup(server) {
           + ' https://www.google-analytics.com'
           + ' https://43d132d5dbff47c59d9d53ad448f93c2.js.ubembed.com'
           + ' https://assets.ubembed.com'
-          + ' https://browser.sentry-cdn.com'
           + ' https://cdn.heapanalytics.com'
           + ' https://cdn.segment.com'
           + ' https://connect.facebook.net'
           + ' https://d1of0acg2orgco.cloudfront.net'
           + ' https://d1mwkvp2xbqfs9.cloudfront.net'
           + ' https://d24oibycet9bsb.cloudfront.net'
-          + ' https://fast.trychameleon.com'
           + ' https://static.zdassets.com'
+          + ' https://uni-nav.topcoder-dev.com'
+          + ' https://uni-nav.topcoder.com'
+          + ' https://js.hs-analytics.net'
+          + ' https://cdn-3.convertexperiments.com'
           + ' https://www.googletagmanager.com;'
         + " style-src 'report-sample' 'self' 'unsafe-inline'"
           + ` ${config.CDN.PUBLIC}`
@@ -180,8 +182,8 @@ async function onExpressJsSetup(server) {
           + ' https://api.segment.io'
           + ' https://cdn.segment.com'
           + ' https://ekr.zdassets.com'
-          + ' https://fast.trychameleon.com'
           + ' https://stats.g.doubleclick.net'
+          + ' https://region1.analytics.google.com'
           + ' https://www.google-analytics.com;'
         + " font-src 'self'"
           + ' data:'
@@ -211,10 +213,11 @@ async function onExpressJsSetup(server) {
           + ' https://www.googletagmanager.com'
           + ' https://i.ytimg.com'
           + ' https://images.contentful.com'
+          + ' https://member-media.topcoder-dev.com'
+          + ' https://member-media.topcoder.com'
           + ' https://d0.awsstatic.com/logos/;'
         + " manifest-src 'self';"
         + " media-src 'self';"
-        + ' report-uri https://623d4c23f90d055298b24042.endpoint.csper.io/?v=0;'
         + " worker-src 'self';",
       );
     }