[CMS-15201] Bootstrap cdn.segment.com to default CSP configuration - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: 15.1.4
Fix Version/s: 15.2.3
Component/s: None
Labels:
None
Environment:
Clean archetpye

Processed by team:
Nova
Sprint:
Nova Sprint 308
Complexity:
Small (1-2)

Description

The default CSP policy is blocking some tracking code in the CMS. This error shows up in the browser console:

Content Security Policy: The page's settings blocked the loading of a resource at http://cdn.segment.com/analytics.js/v1/4EIM9QDTm7iYX00nN45ve7VguRGgq1DS/analytics.min.js ("script-src").

The fix for this should to add cdn.segment.com to the script-src property below /hippo:configuration/hippo:modules/application-settings/hippo:moduleconfig/content-security-policy, but this domain should be bootstrapped in the CSP configuration.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: David Bailey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Nov/22 8:59 AM

Updated:: 13/Mar/23 12:34 PM

Resolved:: 13/Mar/23 12:34 PM