Merge pull request #12099 from bbc/adjust-csp

add teads + googleadservices to csp
bbc · Oct 28, 2024 · da613bb · da613bb
2 parents ba6b5b0 + 9b3d2cd
commit da613bb
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 0 deletions.
diff --git a/.yarn/cache/@esbuild-darwin-arm64-npm-0.23.1-1d26281f3d-10.zip b/.yarn/cache/@esbuild-darwin-arm64-npm-0.23.1-1d26281f3d-10.zip
diff --git a/.yarn/cache/@esbuild-linux-x64-npm-0.23.1-e5d2d8764d-10.zip b/.yarn/cache/@esbuild-linux-x64-npm-0.23.1-e5d2d8764d-10.zip
diff --git a/...-darwin-x64-npm-14.2.10-a1396b1353-10.zip → ...arwin-arm64-npm-14.2.10-ee14b48ab4-10.zip b/...-darwin-x64-npm-14.2.10-a1396b1353-10.zip → ...arwin-arm64-npm-14.2.10-ee14b48ab4-10.zip
diff --git a/src/server/utilities/cspHeader/directives.js b/src/server/utilities/cspHeader/directives.js
@@ -20,6 +20,7 @@ const advertisingDirectives = {
     'https://*.imrworldwide.com',
     'https://sb.scorecardresearch.com',
     'https://*.amazon-adsystem.com',
+    'https://www.googleadservices.com',
   ],
   scriptSrc: [
     'https://*.adsafeprotected.com',
@@ -37,6 +38,7 @@ const advertisingDirectives = {
     'https://*.permutive.com',
     'https://*.webcontentassessor.com',
     'https://*.amazon-adsystem.com',
+    'https://*.teads.tv',
     ...advertisingServiceCountryDomains,
   ],
   defaultSrc: [...bbcDomains, 'https://*.googlesyndication.com'],

diff --git a/src/server/utilities/cspHeader/index.test.js b/src/server/utilities/cspHeader/index.test.js
@@ -96,6 +96,7 @@ describe('cspHeader', () => {
         'https://sb.scorecardresearch.com',
         'https://i.ytimg.com',
         'https://*.amazon-adsystem.com',
+        'https://www.googleadservices.com',
         "data: 'self'",
       ].sort(),
       scriptSrcExpectation: [
@@ -171,6 +172,7 @@ describe('cspHeader', () => {
         'https://*.tiktokcdn.com',
         'https://*.xx.fbcdn.net',
         'https://*.amazon-adsystem.com',
+        'https://www.googleadservices.com',
         "data: 'self'",
       ].sort(),
       scriptSrcExpectation: [
@@ -202,6 +204,7 @@ describe('cspHeader', () => {
         'https://connect.facebook.net',
         'https://*.xx.fbcdn.net',
         'https://*.amazon-adsystem.com',
+        'https://*.teads.tv',
         ...advertisingServiceCountryDomains,
         "'self'",
         "'unsafe-inline'",
@@ -271,6 +274,7 @@ describe('cspHeader', () => {
         'https://*.facebook.com',
         'https://*.xx.fbcdn.net',
         'https://*.amazon-adsystem.com',
+        'https://www.googleadservices.com',
         "data: 'self'",
       ].sort(),
       scriptSrcExpectation: [
@@ -348,6 +352,7 @@ describe('cspHeader', () => {
         'https://*.tiktokcdn.com',
         'https://*.xx.fbcdn.net',
         'https://*.amazon-adsystem.com',
+        'https://www.googleadservices.com',
         "data: 'self'",
       ].sort(),
       scriptSrcExpectation: [
@@ -381,6 +386,7 @@ describe('cspHeader', () => {
         'https://*.xx.fbcdn.net',
         'https://*.webcontentassessor.com',
         'https://*.amazon-adsystem.com',
+        'https://*.teads.tv',
         ...advertisingServiceCountryDomains,
         "'self'",
         "'unsafe-inline'",