Fix src connect csp (#296)

gruel-coveo · web-flow · commit 088e977b25d3 · 2023-12-13T13:14:39.000-05:00
* Added missing connect-src * Missed https://c.6sc.co
diff --git a/_includes/_content-security-policy.html b/_includes/_content-security-policy.html
@@ -1 +1 @@
-<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://coveordblog.disqus.com/embed.js https://j.6sc.co/6si.min.js https://munchkin.marketo.net https://gist.github.com https://www.googletagmanager.com http://platform.twitter.com https://cdn.cookielaw.org https://code.jquery.com/jquery-3.6.0.min.js https://static.cloud.coveo.com; style-src 'report-sample' 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://p.typekit.net https://s3.amazonaws.com https://static.cloud.coveo.com https://use.typekit.net; object-src https://cdn.cookielaw.org; base-uri 'self'; connect-src 'self' https://b.6sc.co https://cdn.cookielaw.org https://coveo-privacy.my.onetrust.com https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://gist.github.com https://www.youtube.com http://platform.twitter.com; img-src 'self' https://b.6sc.co https://cdn.cookielaw.org https://syndication.twitter.com https://avatars.githubusercontent.com https://media.giphy.com data: https://s3.amazonaws.com https://www.coveo.com; manifest-src 'self'; media-src 'self'; worker-src 'none';" />
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://coveordblog.disqus.com/embed.js https://j.6sc.co/6si.min.js https://munchkin.marketo.net https://gist.github.com https://www.googletagmanager.com http://platform.twitter.com https://cdn.cookielaw.org https://code.jquery.com/jquery-3.6.0.min.js https://static.cloud.coveo.com; style-src 'report-sample' 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://p.typekit.net https://s3.amazonaws.com https://static.cloud.coveo.com https://use.typekit.net; object-src https://cdn.cookielaw.org; base-uri 'self'; connect-src 'self' https://969-gca-889.mktoresp.com https://ipv6.6sc.co https://b.6sc.co https://c.6sc.co https://cdn.cookielaw.org https://coveo-privacy.my.onetrust.com https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://gist.github.com https://www.youtube.com http://platform.twitter.com; img-src 'self' https://b.6sc.co https://cdn.cookielaw.org https://syndication.twitter.com https://avatars.githubusercontent.com https://media.giphy.com data: https://s3.amazonaws.com https://www.coveo.com; manifest-src 'self'; media-src 'self'; worker-src 'none';" />

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://coveordblog.disqus.com/embed.js https://j.6sc.co/6si.min.js https://munchkin.marketo.net https://gist.github.com https://www.googletagmanager.com http://platform.twitter.com https://cdn.cookielaw.org https://code.jquery.com/jquery-3.6.0.min.js https://static.cloud.coveo.com; style-src 'report-sample' 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://p.typekit.net https://s3.amazonaws.com https://static.cloud.coveo.com https://use.typekit.net; object-src https://cdn.cookielaw.org; base-uri 'self'; connect-src 'self' https://b.6sc.co https://cdn.cookielaw.org https://coveo-privacy.my.onetrust.com https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://gist.github.com https://www.youtube.com http://platform.twitter.com; img-src 'self' https://b.6sc.co https://cdn.cookielaw.org https://syndication.twitter.com https://avatars.githubusercontent.com https://media.giphy.com data: https://s3.amazonaws.com https://www.coveo.com; manifest-src 'self'; media-src 'self'; worker-src 'none';" />
	`1`	+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://coveordblog.disqus.com/embed.js https://j.6sc.co/6si.min.js https://munchkin.marketo.net https://gist.github.com https://www.googletagmanager.com http://platform.twitter.com https://cdn.cookielaw.org https://code.jquery.com/jquery-3.6.0.min.js https://static.cloud.coveo.com; style-src 'report-sample' 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://p.typekit.net https://s3.amazonaws.com https://static.cloud.coveo.com https://use.typekit.net; object-src https://cdn.cookielaw.org; base-uri 'self'; connect-src 'self' https://969-gca-889.mktoresp.com https://ipv6.6sc.co https://b.6sc.co https://c.6sc.co https://cdn.cookielaw.org https://coveo-privacy.my.onetrust.com https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://gist.github.com https://www.youtube.com http://platform.twitter.com; img-src 'self' https://b.6sc.co https://cdn.cookielaw.org https://syndication.twitter.com https://avatars.githubusercontent.com https://media.giphy.com data: https://s3.amazonaws.com https://www.coveo.com; manifest-src 'self'; media-src 'self'; worker-src 'none';" />