Add mapcreator and reuters CSP headers (#12116)

bbc · Oct 30, 2024 · 39bcd02 · 39bcd02
1 parent 46b9938
commit 39bcd02
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/src/server/utilities/cspHeader/directives.js b/src/server/utilities/cspHeader/directives.js
@@ -59,6 +59,8 @@ const directives = {
       'https://www.facebook.com', // Social Embeds, <amp-facebook />
       'https://*.ampproject.net', // Social Embeds
       'https://www.riddle.com', // STY Includes
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       ...advertisingDirectives.frameSrc,
       "'self'",
     ],
@@ -77,6 +79,8 @@ const directives = {
       'https://flo.uri.sh', // STY includes
       'https://www.riddle.com', // STY Includes
       'https://public.flourish.studio', // Flourish embeds
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       ...advertisingDirectives.frameSrc,
       "'self'",
     ],
@@ -89,6 +93,8 @@ const directives = {
       'https://www.facebook.com', // Social Embeds, <amp-facebook />
       'https://*.ampproject.net', // Social Embeds
       'https://www.riddle.com', // STY Includes
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       ...advertisingDirectives.frameSrc,
       "'self'",
     ],
@@ -107,6 +113,8 @@ const directives = {
       'https://flo.uri.sh', // STY includes
       'https://www.riddle.com', // STY Includes
       'https://public.flourish.studio', // Flourish embeds
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       ...advertisingDirectives.frameSrc,
       "'self'",
     ],
@@ -177,6 +185,8 @@ const directives = {
       'https://cdn.ampproject.org',
       'https://*.chartbeat.com',
       'https://*.twitter.com', // Social Embeds, <amp-twitter />
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       "'self'",
       "'unsafe-inline'",
     ],
@@ -194,6 +204,8 @@ const directives = {
       'https://*.twimg.com', // Social Embeds
       'https://public.flourish.studio', // STY includes
       'https://www.riddle.com',
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       ...advertisingDirectives.scriptSrc,
       "'self'",
       "'unsafe-inline'",
@@ -203,6 +215,8 @@ const directives = {
       'https://cdn.ampproject.org',
       'https://*.chartbeat.com',
       'https://*.twitter.com', // Social Embeds, <amp-twitter />
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       "'self'",
       "'unsafe-inline'",
     ],
@@ -222,6 +236,8 @@ const directives = {
       'https://*.twimg.com', // Social Embeds
       'https://public.flourish.studio', // STY includes
       'https://www.riddle.com',
+      'https://*.mapcreator.io', // Election includes
+      'https://*.thomsonreuters.com', // Election includes
       ...advertisingDirectives.scriptSrc,
       "'self'",
       "'unsafe-inline'",

diff --git a/src/server/utilities/cspHeader/index.test.js b/src/server/utilities/cspHeader/index.test.js
@@ -75,6 +75,8 @@ describe('cspHeader', () => {
         'https://*.googleadservices.com',
         'https://*.amazon-adsystem.com',
         'https://*.teads.tv',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         "'self'",
       ].sort(),
       imgSrcExpectation: [
@@ -106,6 +108,8 @@ describe('cspHeader', () => {
         'https://cdn.ampproject.org',
         'https://*.chartbeat.com',
         'https://*.twitter.com',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         "'self'",
         "'unsafe-inline'",
       ].sort(),
@@ -154,6 +158,8 @@ describe('cspHeader', () => {
         'https://*.googleadservices.com',
         'https://*.amazon-adsystem.com',
         'https://*.teads.tv',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         "'self'",
       ].sort(),
       imgSrcExpectation: [
@@ -209,6 +215,8 @@ describe('cspHeader', () => {
         'https://*.xx.fbcdn.net',
         'https://*.amazon-adsystem.com',
         'https://*.teads.tv',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         ...advertisingServiceCountryDomains,
         "'self'",
         "'unsafe-inline'",
@@ -255,6 +263,8 @@ describe('cspHeader', () => {
         'https://*.googleadservices.com',
         'https://*.amazon-adsystem.com',
         'https://*.teads.tv',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         "'self'",
       ].sort(),
       imgSrcExpectation: [
@@ -288,6 +298,8 @@ describe('cspHeader', () => {
         'https://cdn.ampproject.org',
         'https://*.chartbeat.com',
         'https://*.twitter.com',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         "'self'",
         "'unsafe-inline'",
       ].sort(),
@@ -336,6 +348,8 @@ describe('cspHeader', () => {
         'https://*.googleadservices.com',
         'https://*.amazon-adsystem.com',
         'https://*.teads.tv',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         "'self'",
       ].sort(),
       imgSrcExpectation: [
@@ -395,6 +409,8 @@ describe('cspHeader', () => {
         'https://*.webcontentassessor.com',
         'https://*.amazon-adsystem.com',
         'https://*.teads.tv',
+        'https://*.mapcreator.io',
+        'https://*.thomsonreuters.com',
         ...advertisingServiceCountryDomains,
         "'self'",
         "'unsafe-inline'",