From ed37e7c9f5331b65e6cf9387c0fd63881af8b756 Mon Sep 17 00:00:00 2001
From: Marco Bottaro
Date: Mon, 25 Nov 2024 16:54:44 +0100
Subject: [PATCH 1/2] Fix img_src CSP rule to see in Dev the images inserted using production's CMS
---
 .changeset/six-yaks-obey.md | 5 +++++
 apps/infrastructure/src/modules/website/cloudfront.tf | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 .changeset/six-yaks-obey.md
diff --git a/.changeset/six-yaks-obey.md b/.changeset/six-yaks-obey.md
new file mode 100644
index 000000000..5b933317c
--- /dev/null
+++ b/.changeset/six-yaks-obey.md
@@ -0,0 +1,5 @@
+---
+"infrastructure": patch
+---
+
+Fix img_src CSP rule to see in Dev the images inserted using production's CMS
diff --git a/apps/infrastructure/src/modules/website/cloudfront.tf b/apps/infrastructure/src/modules/website/cloudfront.tf
index 24a97e996..270df5b29 100644
--- a/apps/infrastructure/src/modules/website/cloudfront.tf
+++ b/apps/infrastructure/src/modules/website/cloudfront.tf
@@ -6,7 +6,7 @@ locals {
 form_action = "'self'"
 font_src = "data: 'self' https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/icons/"
 connect_src = "'self' https://cognito-identity.eu-south-1.amazonaws.com/ https://dynamodb.eu-south-1.amazonaws.com/ https://cognito-idp.eu-south-1.amazonaws.com/ https://raw.githubusercontent.com/pagopa/ https://raw.githubusercontent.com/teamdigitale/ https://*.cookielaw.org https://*.onetrust.com https://www.google-analytics.com https://api.io.italia.it *.google-analytics.com https://pagopa.matomo.cloud/ https://*.${var.dns_domain_name}"
- img_src = "data: 'self' https://i.vimeocdn.com/ https://io.italia.it/assets/ https://raw.githubusercontent.com/pagopa/ https://www.pagopa.gov.it/assets/ https://*.cookielaw.org/logos/ recaptcha.net https://*.googleusercontent.com https://*.${var.dns_domain_name}"
+ img_src = "data: 'self' https://i.vimeocdn.com/ https://io.italia.it/assets/ https://raw.githubusercontent.com/pagopa/ https://www.pagopa.gov.it/assets/ https://*.cookielaw.org/logos/ recaptcha.net https://*.googleusercontent.com https://*.dev.developer.pagopa.it https://*.developer.pagopa.it"
 frame_src = "https://player.vimeo.com/ https://vimeo.com/ https://demo.arcade.software/ https://www.google.com https://recaptcha.net https://www.youtube.com https://pagopa.applytojob.com https://www.figma.com/ https://codepen.io/"
 }
 
@@ -110,4 +110,4 @@ resource "aws_cloudfront_distribution" "website" {
 acm_certificate_arn = var.use_custom_certificate ? aws_acm_certificate.website.arn : null
 ssl_support_method = var.use_custom_certificate ? "sni-only" : null
 }
-}
\ No newline at end of file
+}
From 460a10d7b24be8ee0d82abcff0f91ccaab5f49c7 Mon Sep 17 00:00:00 2001
From: Marco Bottaro
Date: Mon, 25 Nov 2024 17:02:30 +0100
Subject: [PATCH 2/2] Fix changeset
---
 .changeset/six-yaks-obey.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
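Review bot: In `cloudfront.tf` the new `img_src` value hard-codes `https://*.dev.developer.pagopa.it https://*.developer.pagopa.it` in place of `https://*.${var.dns_domain_name}`, so this shared module now emits the same image allowlist for every environment, while `connect_src` on the line above still follows the variable. In CSP host matching a leading `*.` matches subdomains at any depth, so the `*.dev.developer.pagopa.it` entry is already covered by `*.developer.pagopa.it` and adds nothing; and any environment whose `dns_domain_name` is not under `developer.pagopa.it` would presumably lose images served from its own subdomains. I would keep the variable and add only the production source, `https://*.${var.dns_domain_name} https://*.developer.pagopa.it`, ideally narrowed to the single host that serves the CMS media (not visible here) rather than the whole wildcard, with a comment saying why a production origin is allowed in Dev. The `locals` block starts above the hunk, so the remaining directives were not reviewed.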
diff --git a/.changeset/six-yaks-obey.md b/.changeset/six-yaks-obey.md
index 5b933317c..8d7db22d6 100644
--- a/.changeset/six-yaks-obey.md
+++ b/.changeset/six-yaks-obey.md
@@ -2,4 +2,4 @@
 "infrastructure": patch
 ---
 
-Fix img_src CSP rule to see in Dev the images inserted using production's CMS
+Fix img_src CSP directive to see also in Dev the images inserted using production's CMS