From 439ae1e83271882cf83a95e2e4e100dfd1a94b29 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Sun, 15 Sep 2019 14:41:34 -0700
Subject: [PATCH] fix: CSP for client-side editor uploads

---
 server/app.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/app.js b/server/app.js
index db97b505..19c58ab6 100644
--- a/server/app.js
+++ b/server/app.js
@@ -122,6 +122,11 @@ app.use(
       styleSrc: ["'self'", "'unsafe-inline'", 'github.githubassets.com'],
       imgSrc: ['*', 'data:', 'blob:'],
       frameSrc: ['*'],
+      connectSrc: [
+        "'self'",
+        process.env.AWS_S3_UPLOAD_BUCKET_URL,
+        'www.google-analytics.com',
+      ],
     },
   })
 );