From a081c8a434ff4809824cd9e1b22ae8fa670bec94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Elif=20Meri=C3=A7?= <elifmeric@sabanciuniv.edu>
Date: Tue, 5 Nov 2024 09:16:57 +0300
Subject: [PATCH] Add frame-ancestor and cloudflare insights to CSP

---
 src/prpl.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/prpl.ts b/src/prpl.ts
index 14d235f..5661adf 100644
--- a/src/prpl.ts
+++ b/src/prpl.ts
@@ -137,6 +137,7 @@ export function makeHandler(root?: string, config?: Config): (
         "https://digiavantaj.cake.aclz.net",
         "*.efilli.com",
         "https://analytics.tiktok.com",
+        "*.cloudflareinsights.com"
     ];
 
     const frameSrcAllowedHosts = [
@@ -293,6 +294,7 @@ export function makeHandler(root?: string, config?: Config): (
         + "font-src 'self' data: https://fonts.gstatic.com ; "
         + `img-src data: blob: 'self' 'unsafe-inline' https://*.migrosone.com ${imageSrcAllowedHosts.join(' ')} ; `
         + `frame-src ${frameSrcAllowedHosts.join(' ')} ; `
+        + "frame-ancestor 'self https://*.migros.com.tr"
         + `style-src 'self' 'unsafe-inline' ${styleSrcAllowedHosts.join(' ')} ;`
         + `manifest-src 'self' ; `
         + "worker-src 'self' blob: ;"