From e95010e9e1d691355bbbff5878b8a4c5947a5ac0 Mon Sep 17 00:00:00 2001
From: Hans Olav Sund
Date: Fri, 27 Sep 2024 09:48:57 +0200
Subject: [PATCH] fix: add missing csp-source datalandsbyen and (temporary) staging sparql
---
 nginx-prod.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx-prod.conf b/nginx-prod.conf
index 6b30d92..f1702dd 100644
--- a/nginx-prod.conf
+++ b/nginx-prod.conf
@@ -54,7 +54,7 @@ http {
 set $cspNonce $request_id;
 set $csp_reports https://europe-west1-digdir-cloud-functions.cloudfunctions.net/cloud-logging-csp-staging;
- set $csp_policy_fdk_portal "default-src 'self'; script-src 'self' https://siteimproveanalytics.com https://sparql.fellesdatakatalog.digdir.no 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://altinncdn.no https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://fellesdatakatalog.digdir.no https://*.fellesdatakatalog.digdir.no https://europe-west1-digdir-cloud-functions.cloudfunctions.net https://prefix.cc https://rdf.kartverket.no; font-src 'self' https://altinncdn.no https://fonts.gstatic.com; frame-src 'self' https://sso.fellesdatakatalog.digdir.no https://www.youtube.com; frame-ancestors 'none'; img-src 'self' https://datalandsbyen.norge.no https://orglogo.difi.no https://6255470.global.siteimproveanalytics.io; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri ${csp_reports};";
+ set $csp_policy_fdk_portal "default-src 'self'; script-src 'self' https://siteimproveanalytics.com https://sparql.fellesdatakatalog.digdir.no 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://altinncdn.no https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://fellesdatakatalog.digdir.no https://*.fellesdatakatalog.digdir.no https://europe-west1-digdir-cloud-functions.cloudfunctions.net https://prefix.cc https://rdf.kartverket.no https://datalandsbyen.norge.no https://sparql.staging.fellesdatakatalog.digdir.no; font-src 'self' https://altinncdn.no https://fonts.gstatic.com; frame-src 'self' https://sso.fellesdatakatalog.digdir.no https://www.youtube.com; frame-ancestors 'none'; img-src 'self' https://datalandsbyen.norge.no https://orglogo.difi.no https://6255470.global.siteimproveanalytics.io; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri ${csp_reports};";
 set $csp_policy_static_rdf "base-uri 'self'; default-src 'self'; script-src 'self' cdnjs.cloudflare.com code.jquery.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; report-uri ${csp_reports};";
 set $csp_policy_validator "base-uri 'self'; default-src 'self'; connect-src 'self' https://*.fellesdatakatalog.digdir.no; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://res-1.cdn.office.net; frame-ancestors 'none'; report-uri ${csp_reports};";
 set $csp_policy_frontpage "default-src 'self'; script-src 'self' 'nonce-$cspNonce' 'strict-dynamic' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://cache.kartverket.no https://6255470.global.siteimproveanalytics.io; font-src 'self'; connect-src 'self' https://aisearch.api.fellesdatakatalog.digdir.no; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;";
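Review bot: The new `https://sparql.staging.fellesdatakatalog.digdir.no` entry in `connect-src` of `$csp_policy_fdk_portal` puts a staging origin into the production policy, and nothing in the file marks it as temporary, so it is likely to outlive its purpose. The same directive already lists `https://*.fellesdatakatalog.digdir.no`, and a CSP host wildcard matches subdomains at any depth, so the entry looks redundant. If the reported violation was raised under a different directive, this change would not clear it, so the CSP report is worth re-checking before anything is widened. If the entry stays, add a comment above the `set` line such as `# TEMPORARY: sparql.staging in connect-src, remove when <TRACKING-ISSUE> is closed`. The `http` block starts and continues outside the hunk.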