Collect samples for CSP reports

ministryofjustice · Jul 13, 2023 · 51b8d26 · 51b8d26
1 parent 89bb959
commit 51b8d26
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
@@ -10,8 +10,8 @@
     policy.font_src    :self, :https, :data
     policy.img_src     :self, :https, :data
     policy.object_src  :none
-    policy.script_src  :self, :https
-    policy.style_src   :self, :https
+    policy.script_src  :self, :https, :report_sample
+    policy.style_src   :self, :https, :report_sample
     # Specify URI for violation reports
     policy.report_uri(ENV["CSP_REPORT_ENDPOINT"]) if ENV["CSP_REPORT_ENDPOINT"].present?
   end