Merge pull request #657 from ClimateMind/update-nginx-config-to-inclu…

…de-frame-src-and-style-src-elem Update Content-Security-Policy header in nginx.config
ClimateMind · Aug 27, 2024 · 8e8f057 · 8e8f057
2 parents f5f9c84 + 3fedd9b
commit 8e8f057
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/nginx.config b/nginx.config
@@ -9,7 +9,7 @@ server {
         try_files $$uri /index.html;
     }
 
-    add_header Content-Security-Policy "default-src 'self'; frame-src https://www.google.com/; script-src 'self' https://www.googletagmanager.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/ https://www.gstatic.com/ https://accounts.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com; img-src * www.googletagmanager.com 'self' data: https; font-src 'self' *.typekit.net fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://*.okta.com https://app-backend-test-001.azurewebsites.net https://app-backend-prod-001.azurewebsites.net https://sentry.io https://o1287611.ingest.sentry.io/api/6526369/envelope/?sentry_key=b0ca2fb00555461ba86f659a99cceb37&sentry_version=7 https://o1287611.ingest.sentry.io/api/6526369/security/?sentry_key=b0ca2fb00555461ba86f659a99cceb37; report-uri https://o1287611.ingest.sentry.io/api/6526369/security/?sentry_key=b0ca2fb00555461ba86f659a99cceb37;";
+    add_header Content-Security-Policy "default-src 'self'; frame-src https://www.google.com/ https://accounts.google.com/; script-src 'self' https://www.googletagmanager.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/ https://www.gstatic.com/ https://accounts.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://accounts.google.com; style-src-elem 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://accounts.google.com; img-src * www.googletagmanager.com 'self' data: https; font-src 'self' *.typekit.net fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://*.okta.com https://app-backend-test-001.azurewebsites.net https://app-backend-prod-001.azurewebsites.net https://sentry.io https://o1287611.ingest.sentry.io/api/6526369/envelope/?sentry_key=b0ca2fb00555461ba86f659a99cceb37&sentry_version=7 https://o1287611.ingest.sentry.io/api/6526369/security/?sentry_key=b0ca2fb00555461ba86f659a99cceb37; report-uri https://o1287611.ingest.sentry.io/api/6526369/security/?sentry_key=b0ca2fb00555461ba86f659a99cceb37;";
     add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
     add_header X-Content-Type-Options nosniff;

diff --git a/src/shared/hooks/useApiClient.tsx b/src/shared/hooks/useApiClient.tsx
@@ -157,7 +157,6 @@ function useApiClient() {
     const response = await apiCall<responses.googleLogin>('post', '/auth/google', {}, { credential }, true);
     const { access_token } = response.data;
     Cookies.set('accessToken', access_token, { secure: true, sameSite: 'strict' });
-    console.log(response.data, 'data');
     return response.data;
   }