From 5a7771263e11534cff7946e02ee5bfb3e458a435 Mon Sep 17 00:00:00 2001
From: ThomasDos
Date: Mon, 19 Aug 2024 15:59:39 +0200
Subject: [PATCH] feat(infra,admin): allow adresse-api via connect-src csp directive (staging)
---
 infra/traefik/config/dynamic.yml | 2 +-
 packages/reva-admin-react/next.config.js | 14 --------------
 2 files changed, 1 insertion(+), 15 deletions(-)
diff --git a/infra/traefik/config/dynamic.yml b/infra/traefik/config/dynamic.yml
index a5cfcf7dd..5588b0741 100644
--- a/infra/traefik/config/dynamic.yml
+++ b/infra/traefik/config/dynamic.yml
@@ -174,7 +174,7 @@ http:
 add-security-headers-staging:
 headers:
 customResponseHeaders:
- Content-Security-Policy: "default-src 'none'; form-action 'none'; base-uri 'none'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; script-src 'self' https://static.userguiding.com https://public.produktly.com https://matomo.fabrique.social.gouv.fr 'unsafe-inline'; style-src 'self' https://static.userguiding.com https://public.produktly.com https://matomo.fabrique.social.gouv.fr 'unsafe-inline'; connect-src 'self' https://api.produktly.com https://sessions.bugsnag.com https://strapi.vae.gouv.fr https://matomo.fabrique.social.gouv.fr https://auth.reva.incubateur.net; font-src 'self' data:; frame-src 'self' blob: https://auth.reva.incubateur.net https://plugins.crisp.chat;"
+ Content-Security-Policy: "default-src 'none'; form-action 'none'; base-uri 'none'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; script-src 'self' https://static.userguiding.com https://public.produktly.com https://matomo.fabrique.social.gouv.fr 'unsafe-inline'; style-src 'self' https://static.userguiding.com https://public.produktly.com https://matomo.fabrique.social.gouv.fr 'unsafe-inline'; connect-src 'self' https://api.produktly.com https://sessions.bugsnag.com https://strapi.vae.gouv.fr https://matomo.fabrique.social.gouv.fr https://auth.reva.incubateur.net https://api-adresse.data.gouv.fr; font-src 'self' data:; frame-src 'self' blob: https://auth.reva.incubateur.net https://plugins.crisp.chat;"
 X-Frame-Options: SAMEORIGIN
 X-Content-Type-Options: nosniff
diff --git a/packages/reva-admin-react/next.config.js b/packages/reva-admin-react/next.config.js
index c6071517b..0c9a87b75 100644
--- a/packages/reva-admin-react/next.config.js
+++ b/packages/reva-admin-react/next.config.js
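Review bot: Only the `add-security-headers-staging` middleware gains `https://api-adresse.data.gouv.fr` in `connect-src`, while the same commit deletes the `headers()` block in `packages/reva-admin-react/next.config.js` that previously allowed that origin from the app itself. If other environments have their own security-header middleware (none is visible in this hunk), their `connect-src` would presumably still lack the origin and the browser would block those requests there. Any deployment not fronted by this Traefik config, such as local development, would now be served without the app-level CSP. Either carry the same addition into the other environments' policies in this change, or say in the description that the rollout is deliberately staging-only. A comment above the header such as `# connect-src: api-adresse.data.gouv.fr is needed by reva-admin-react (CSP formerly set in next.config.js)` would record why the third-party origin is allowed.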
@@ -24,20 +24,6 @@ const nextConfig = {
 },
 ];
 },
- async headers() {
- return [
- {
- source: "/(.*)",
- headers: [
- {
- key: "Content-Security-Policy",
- value:
- "default-src 'self'; connect-src 'self' https://api-adresse.data.gouv.fr;",
- },
- ],
- },
- ];
- },
 };
 module.exports = nextConfig;