From bc3a3f2dcfc43b5004122d3d865a872a83c819e8 Mon Sep 17 00:00:00 2001
From: Shaun Ford
Date: Tue, 5 Jun 2018 12:51:48 -0700
Subject: [PATCH 1/2] Allow CSP child-src blob from self to fix Dashboard in Safari
---
 .../com/nike/cerberus/security/SecurityHttpHeaders.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java b/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
index 68ab519c3..71a3c6489 100644
--- a/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
+++ b/src/main/java/com/nike/cerberus/security/SecurityHttpHeaders.java
@@ -48,7 +48,14 @@ public class SecurityHttpHeaders extends DefaultHttpHeaders {
  * https://en.wikipedia.org/wiki/Content_Security_Policy
  */
 private static final String CONTENT_SECURITY_POLICY_HEADER_NAME = "Content-Security-Policy";
- private static final String CONTENT_SECURITY_POLICY_HEADER_VALUE = "default-src 'none'; connect-src 'self'; font-src https://web.nike.com; img-src 'self'; script-src 'self'; style-src 'unsafe-inline' https://web.nike.com/; worker-src 'self' blob:; frame-ancestors 'none';";
+ private static final String CONTENT_SECURITY_POLICY_HEADER_VALUE = "default-src 'none';" +
+ " connect-src 'self';" +
+ " font-src https://web.nike.com;" +
+ " img-src 'self';" +
+ " script-src 'self';" +
+ " style-src 'unsafe-inline' https://web.nike.com/;" +
+ " worker-src 'self' blob:; frame-ancestors 'none';" +
+ " child-src 'self' blob:;";
 /**
  * Referrer Policy header can restrict referrer information sent by browser
From e2c6e0faf21bc4d1dd4c2519c0f285e973f2cdc2 Mon Sep 17 00:00:00 2001
From: Shaun Ford
Date: Tue, 5 Jun 2018 13:24:51 -0700
Subject: [PATCH 2/2] Update gradle version to 3.16.2
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index e7bb9278c..fbc6d7e99 100644
--- a/gradle.properties
+++ b/gradle.properties
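Review bot: The new `child-src 'self' blob:` segment at the end of CONTENT_SECURITY_POLICY_HEADER_VALUE widens more than worker creation, because `frame-src` falls back to `child-src` when it is absent, so same-origin and blob: iframes that `default-src 'none'` previously blocked are now permitted by this policy. If the directive is only there so that Safari, which presumably ignores `worker-src` and governs blob: workers through `child-src`, can load the dashboard's workers, consider pairing it with an explicit `" frame-src 'none';" +` (assuming the dashboard embeds no frames — worth confirming), and in any case leave a comment on the constant such as `// child-src mirrors worker-src for browsers without worker-src support; it is also the fallback for frame-src`. As a point of style, the `" worker-src 'self' blob:; frame-ancestors 'none';" +` segment packs two directives into one line while every other directive gets its own, so splitting it keeps the list one directive per line and makes the `child-src`/`worker-src` pairing visible. The enclosing class continues outside the hunk.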
@@ -14,6 +14,6 @@
 # limitations under the License.
 #
-version=3.16.1
+version=3.16.2
 groupId=com.nike.cerberus
 artifactId=cms