From 4249546243cc16def100bfd2800dbecc6a9056b0 Mon Sep 17 00:00:00 2001
From: Florian Dieminger <me@fiji-flo.de>
Date: Mon, 13 May 2024 13:41:45 +0200
Subject: [PATCH] feat(csp): allow shared assets (#10858)

Allow assers from https://mdn.github.io/shared-assets/
managed via GitHub pages in https://github.com/mdn/shared-assets
---
 libs/constants/index.js | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/libs/constants/index.js b/libs/constants/index.js
index e8ab63891089..8f52bdf0531e 100644
--- a/libs/constants/index.js
+++ b/libs/constants/index.js
@@ -152,6 +152,9 @@ export const CSP_DIRECTIVES = {
     "wikipedia.org",
     "upload.wikimedia.org",
 
+    // Shared assets.
+    "https://mdn.github.io/shared-assets/",
+
     // GA4.
     "https://*.google-analytics.com",
     "https://*.googletagmanager.com",
@@ -159,7 +162,14 @@ export const CSP_DIRECTIVES = {
     "www.gstatic.com",
   ],
   "manifest-src": ["'self'"],
-  "media-src": ["'self'", "archive.org", "videos.cdn.mozilla.net"],
+  "media-src": [
+    "'self'",
+    "archive.org",
+    "videos.cdn.mozilla.net",
+
+    // Shared assets.
+    "https://mdn.github.io/shared-assets/",
+  ],
   "child-src": ["'self'"],
   "worker-src": ["'self'"],
 };