From b73982292882904b9d324f3c2214dec92d8fdaa9 Mon Sep 17 00:00:00 2001
From: Graham Knop <haarg@haarg.org>
Date: Sat, 10 Feb 2024 08:29:41 +0100
Subject: [PATCH] update CSP header for modern Google Analytics and reCAPTCHA

---
 app.psgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.psgi b/app.psgi
index 15f99dfc9f2..f680a5bba48 100644
--- a/app.psgi
+++ b/app.psgi
@@ -92,7 +92,7 @@ builder {
                         "frame-ancestors 'self' *.metacpan.org",
 
         # temporary 'unsafe-eval' because root/static/js/jquery.tablesorter.js
-                        "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.metacpan.org *.google-analytics.com *.google.com www.gstatic.com",
+                        "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.metacpan.org https://*.googletagmanager.com  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/",
 
                         ),
                         'X-Frame-Options'        => 'SAMEORIGIN',