| -rwxr-xr-x | netlify-update-csp-headers.rb | 42 | ||||
| -rw-r--r-- | netlify.toml | 4 |
2 files changed, 44 insertions, 2 deletions
diff --git a/netlify-update-csp-headers.rb b/netlify-update-csp-headers.rb
new file mode 100755
index 0000000..5f89c46
--- /dev/null
+++ b/netlify-update-csp-headers.rb
@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+NETLIFY_CONFIG = 'netlify.toml'
+
+text = File.read(NETLIFY_CONFIG)
+
+# => default-src 'self';
+# <= default-src 'self' blob:;
+text = text.gsub(
+ /(default-src) ('self')(;)/,
+ "\\1 \\2 blob:\\3"
+)
+
+# => style-src 'self';
+# <= style-src 'self' 'unsafe-inline';
+text = text.gsub(
+ /(style-src) ('self')(;)/,
+ "\\1 \\2 'unsafe-inline'\\3"
+)
+
+# => media-src 'self';
+# <= media-src 'self' blob: https://app.netlify.com;
+text = text.gsub(
+ /(media-src) ('self')(;)/,
+ "\\1 'self' blob: https://app.netlify.com\\3"
+)
+
+# => frame-src 'none';
+# <= frame-src app.netlify.com;
+text = text.gsub(
+ /(frame-src) ('none')(;)/,
+ "\\1 app.netlify.com\\3"
+)
+
+# => script-src 'self' *.googletagmanager.com;
+# <= script-src 'self' *.googletagmanager.com netlify-cdp-loader.netlify.app;
+text = text.gsub(
+ /(script-src) ('self' \*.googletagmanager.com)(;)/,
+ "\\1 \\2 netlify-cdp-loader.netlify.app\\3"
+)
+
+File.open(NETLIFY_CONFIG, "w") { |file| file << text }
diff --git a/netlify.toml b/netlify.toml
index afa9e75..a819a2d 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -27,7 +27,7 @@
 # Deploy Preview context: all deploys generated from
 # a pull/merge request will inherit these settings.
 [context.deploy-preview]
- command = 'hugo --source=exampleSite --buildDrafts --buildFuture --baseURL ${DEPLOY_PRIME_URL} --destination ../public'
+ command = './netlify-update-csp-headers.rb; hugo --source=exampleSite --buildDrafts --buildFuture --baseURL ${DEPLOY_PRIME_URL} --destination ../public'
 
 [context.deploy-preview.environment]
 HUGO_ENV = 'development'
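Review bot: Every `gsub` in the new script silently does nothing when the production CSP no longer matches its hard-coded pattern, so a preview can be deployed with a policy that was neither the production one nor the intended relaxed one, and the build still succeeds; I would apply each substitution with `gsub!`, which returns nil on no match, and `abort` in that case so the mismatch shows up in the build log. Two smaller points in the same hunk: the media-src replacement hard-codes `'self'` where the other four reuse `\\2`, and the `.` in `\*.googletagmanager.com` is unescaped (harmless today, but `\.` states the intent). The file also has no header comment; it should say that this script widens the CSP for deploy previews only and is wired in from `[context.deploy-preview]`, since each of the five changes (blob:, `'unsafe-inline'`, app.netlify.com frames, the CDP loader host) is a deliberate loosening that must never reach the production context. The table-driven version below keeps the same five substitutions and adds the fail-on-no-match check.
```ruby
#!/usr/bin/env ruby
# Widens the production CSP in netlify.toml for Netlify deploy previews only
# (invoked from the [context.deploy-preview] build command). Each directive
# must still be present in the form it has in the repo; otherwise the build is
# aborted rather than shipping a preview with a CSP nobody reviewed.

NETLIFY_CONFIG = 'netlify.toml'

# pattern => replacement; \1 is the directive name, \3 the closing ';'
REWRITES = {
  /(default-src) ('self')(;)/ => "\\1 \\2 blob:\\3",
  # … unchanged: style-src and frame-src pairs …
  /(media-src) ('self')(;)/ => "\\1 \\2 blob: https://app.netlify.com\\3",
  /(script-src) ('self' \*\.googletagmanager\.com)(;)/ =>
    "\\1 \\2 netlify-cdp-loader.netlify.app\\3"
}.freeze

text = File.read(NETLIFY_CONFIG)
REWRITES.each do |pattern, replacement|
  # gsub! returns nil when nothing matched — treat that as a build failure
  abort("#{NETLIFY_CONFIG}: no match for #{pattern.source}") unless text.gsub!(pattern, replacement)
end

File.write(NETLIFY_CONFIG, text)
```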
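Review bot: The `;` between the two commands on the new `command =` line lets hugo run even when `./netlify-update-csp-headers.rb` exits non-zero, so a failed CSP rewrite still produces a deployed preview and the failure is easy to miss in the log; chaining with `&&` makes the build stop instead: `command = './netlify-update-csp-headers.rb && hugo --source=exampleSite --buildDrafts --buildFuture --baseURL ${DEPLOY_PRIME_URL} --destination ../public'`. A one-line comment above it, such as `# rewrites the CSP below for the preview drawer; production keeps the strict policy`, would tell the next editor why a build step is modifying netlify.toml in place.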
@@ -89,7 +89,7 @@
 # (including inline scripts and event-handling HTML attributes).
 Content-Security-Policy = """
 default-src 'self';
- script-src 'self' *.netlify.app *.netlify.com *.googletagmanager.com;
+ script-src 'self' *.googletagmanager.com;
 style-src 'self';
 img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.gstatic.com;
 font-src 'self';
|
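Review bot: After this change the production `script-src 'self' *.googletagmanager.com;` is exactly the string the deploy-preview script `netlify-update-csp-headers.rb` matches on (as are `default-src 'self';` and `style-src 'self';` in this hunk, and presumably the other directives the script rewrites), but nothing in this file records that coupling, so a later edit to any of these lines would silently leave previews with the production policy. I would add, above `Content-Security-Policy = """`, a comment along the lines of `# NOTE: deploy previews rewrite the directives below via netlify-update-csp-headers.rb; keep its patterns in sync when editing`. Dropping `*.netlify.app *.netlify.com` from the production `script-src` is the right direction; the wider host allowance now exists only in the preview context.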
