Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/CGI.pm8
1 files changed, 6 insertions, 2 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 03805ad1e..dbcb3ef68 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -39,11 +39,13 @@ sub DEFAULT_CSP {
script_src => [ 'self', 'nonce', 'unsafe-inline', 'https://www.google-analytics.com' ],
frame_src => [ 'none', ],
worker_src => [ 'none', ],
- img_src => [ 'self', 'https://secure.gravatar.com', 'https://www.google-analytics.com' ],
+ img_src => [ 'self', 'https://secure.gravatar.com' ],
style_src => [ 'self', 'unsafe-inline' ],
object_src => [ 'none' ],
connect_src => [
'self',
+ # This is for extensions/GoogleAnalytics using beacon or XHR
+ 'https://www.google-analytics.com',
# This is from extensions/OrangeFactor/web/js/orange_factor.js
'https://treeherder.mozilla.org/api/failurecount/',
],
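Review bot: The new `connect_src` entry allows the whole `https://www.google-analytics.com` origin in the core default policy, whereas the treeherder entry right below it is scoped to a single path; the same applies to the matching addition in the SHOW_BUG_MODAL_CSP hunk. `connect_src` bounds where page scripts can send XHR, fetch and beacon requests, so an origin-wide third-party entry is applied to every page, apparently even when extensions/GoogleAnalytics is not enabled (the hunk shows no condition). Consider narrowing the entry to the collection path the extension actually posts to, or having the extension add the source itself when it is active. At minimum, extend the comment to something like `# Only needed by extensions/GoogleAnalytics (beacon/XHR); widens where page scripts may send data, so keep as narrow as possible`. Both policy bodies begin and end outside their hunks, so any later override of these keys is not visible here.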
@@ -70,9 +72,11 @@ sub SHOW_BUG_MODAL_CSP {
my ($bug_id) = @_;
my %policy = (
script_src => ['self', 'nonce', 'unsafe-inline', 'unsafe-eval', 'https://www.google-analytics.com' ],
- img_src => [ 'self', 'https://secure.gravatar.com', 'https://www.google-analytics.com' ],
+ img_src => [ 'self', 'https://secure.gravatar.com' ],
connect_src => [
'self',
+ # This is for extensions/GoogleAnalytics using beacon or XHR
+ 'https://www.google-analytics.com',
# This is from extensions/OrangeFactor/web/js/orange_factor.js
'https://treeherder.mozilla.org/api/failurecount/',
],