From c24744de5bdd4410d8a2871679f5489c20132ebd Mon Sep 17 00:00:00 2001
From: Shaun Ford
Date: Thu, 17 May 2018 10:49:36 -0700
Subject: [PATCH] Fix content security policy
---
 .../java/com/nike/cerberus/security/SecurityHttpHeaders.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java b/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
index e65f5a209..68ab519c3 100644
--- a/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
+++ b/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
@@ -48,7 +48,7 @@ public class SecurityHttpHeaders extends DefaultHttpHeaders {
 * https://en.wikipedia.org/wiki/Content_Security_Policy
 */
 private static final String CONTENT_SECURITY_POLICY_HEADER_NAME = "Content-Security-Policy";
- private static final String CONTENT_SECURITY_POLICY_HEADER_VALUE = "default-src 'none'; connect-src 'self'; font-src https://web.nike.com; img-src 'self'; script-src 'self'; style-src 'unsafe-inline' https://web.nike.com/; frame-ancestors 'none';";
+ private static final String CONTENT_SECURITY_POLICY_HEADER_VALUE = "default-src 'none'; connect-src 'self'; font-src https://web.nike.com; img-src 'self'; script-src 'self'; style-src 'unsafe-inline' https://web.nike.com/; worker-src 'self' blob:; frame-ancestors 'none';";
 /**
 * Referrer Policy header can restrict referrer information sent by browser
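Review bot: The added `worker-src 'self' blob:` in CONTENT_SECURITY_POLICY_HEADER_VALUE allows workers built from blob: URLs, i.e. script assembled at runtime rather than loaded from the origin that `script-src 'self'` pins, and neither the commit message nor the visible Javadoc says which feature needs it. I would record the reason next to the constant, e.g. `// worker-src blob: is needed by <COMPONENT_THAT_SPAWNS_BLOB_WORKERS>; drop blob: if that worker can be served as a same-origin file`. Browsers that only implement CSP Level 2 govern workers through child-src and fall back to `default-src 'none'`, so workers may still be blocked there unless a matching `child-src 'self' blob:` is also sent; this is worth checking against the supported browser list. The class body starts and ends outside this hunk, so how the header value is applied to responses is not visible here.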