From 7170ca5dfd7945474c64a737d9cbd0b6d92a5951 Mon Sep 17 00:00:00 2001
From: Serghei Iakovlev
Date: Sun, 24 Jul 2022 20:34:30 +0200
Subject: Correct CSP header
---
 netlify-pr.go | 6 +++---
 netlify.toml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/netlify-pr.go b/netlify-pr.go
index 6e6eb54..e232627 100644
--- a/netlify-pr.go
+++ b/netlify-pr.go
@@ -47,9 +47,9 @@ func main() {
 repStr = "${1} app.netlify.com${3}"
 newStr = reStr.ReplaceAllString(newStr, repStr)
- // -> script-src 'self' www.googletagmanager.com hypothes.is;
- // <- script-src 'self' www.googletagmanager.com hypothes.is netlify-cdp-loader.netlify.app;
- reStr = regexp.MustCompile(`(script-src) ('self' www\.googletagmanager\.com hypothes\.is)(;)`)
+ // -> script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is;
+ // <- script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is netlify-cdp-loader.netlify.app;
+ reStr = regexp.MustCompile(`(script-src) ('self' www\.googletagmanager\.com hypothes\.is cdn\.hypothes\.is)(;)`)
 repStr = "${1} ${2} netlify-cdp-loader.netlify.app${3}"
 newStr = reStr.ReplaceAllString(newStr, repStr)
diff --git a/netlify.toml b/netlify.toml
index f3b429b..08a2b00 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -89,7 +89,7 @@
 # (including inline scripts and event-handling HTML attributes).
 Content-Security-Policy = """
 default-src 'self';
- script-src 'self' www.googletagmanager.com hypothes.is;
+ script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is;
 style-src 'self';
 img-src 'self' data: *.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net;
 font-src 'self';
-- cgit v1.2.3
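Review bot: In netlify-pr.go the pattern given to `regexp.MustCompile` still spells out the entire `script-src` source list, so the next edit to netlify.toml will stop it matching again. `ReplaceAllString` returns its input unchanged when nothing matches, so the rewritten policy would then silently lack `netlify-cdp-loader.netlify.app` with no build error. Matching the sources generically, for example the pattern `(script-src) ([^;]+)(;)` with the same `repStr`, removes the duplication. Alternatively, compare `newStr` before and after the replacement and fail the build when they are equal. main() starts and ends outside the hunk, so how `newStr` is read and written is not visible here.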
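Review bot: The `script-src` line in netlify.toml now trusts every script served from `cdn.hypothes.is`, and nothing in the file records why that host is required. Because the policy is a `"""` multi-line string, the explanation has to go in the comment block above `Content-Security-Policy`, for example `# cdn.hypothes.is: client bundle loaded by the hypothes.is embed script (assumed; confirm)`. That comment should also say that netlify-pr.go pattern-matches this exact source list, so the two files have to be edited together. The policy continues past the end of the hunk, so whether other directives need the same host cannot be checked from here.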