From dc3f01d194205ca0496f7f5fb38a4ec514ac0730 Mon Sep 17 00:00:00 2001
From: jacob-moore-cb <144269024+jacob-moore-cb@users.noreply.github.com>
Date: Tue, 3 Oct 2023 20:52:22 -0700
Subject: [PATCH] Add CCA Lite domains to Base Docs CSP. (#42)

---
 apps/base-docs/server.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/apps/base-docs/server.js b/apps/base-docs/server.js
index eb19446811..ac6da06e94 100644
--- a/apps/base-docs/server.js
+++ b/apps/base-docs/server.js
@@ -55,7 +55,13 @@ const contentSecurityPolicy = {
   'default-src': ["'self'"],
   'frame-ancestors': ["'self'"],
   'form-action': ["'self'"],
-  'script-src': ["'self'", "'unsafe-inline'"],
+  'script-src': [
+    "'self'",
+    "'unsafe-inline'",
+    'https://static-assets.coinbase.com/js/cca/v0.0.1.js', // CCA Lite
+    'https://cca-lite.coinbase.com', // CCA Lite
+    'https://analytics-service-dev.cbhq.net', // CCA Lite
+  ],
   'style-src': ["'self'", "'unsafe-inline'"],
   'img-src': ["'self'", 'data:'],
   'connect-src': [
@@ -64,6 +70,7 @@ const contentSecurityPolicy = {
     'wss://relay.walletconnect.com', // WalletConnect
     'wss://relay.walletconnect.org',
     'https://goerli.base.org', // Base Goerli RPC
+    'https://cca-lite.coinbase.com', // CCA Lite
   ],
   'frame-src': ["'self'", 'https://player.vimeo.com'],
 };