From 5a1c4f3a03faa559530a17e90570721464f73764 Mon Sep 17 00:00:00 2001
From: ivan-aksamentov
Date: Tue, 30 Aug 2022 16:57:58 +0200
Subject: [PATCH] chore: allow plausible.io in CSP [skip ci]
---
infra/web/lambda-at-edge/ViewerResponse.lambda.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infra/web/lambda-at-edge/ViewerResponse.lambda.js b/infra/web/lambda-at-edge/ViewerResponse.lambda.js
index e47d7d9..ed9e484 100644
--- a/infra/web/lambda-at-edge/ViewerResponse.lambda.js
+++ b/infra/web/lambda-at-edge/ViewerResponse.lambda.js
@@ -43,7 +43,7 @@ function generatePermissionsPolicyHeader(permissionsPolicyObject) {
 }
 const NEW_HEADERS = {
 'Content-Security-Policy':
- `default-src 'self' *.pangenome.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pangenome.org maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com;img-src 'self' data:; connect-src *; frame-src 'self' player.vimeo.com`,
+ `default-src 'self' *.pangenome.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pangenome.org plausible.io maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com;img-src 'self' data:; connect-src *; frame-src 'self' player.vimeo.com`,
 'Referrer-Policy': 'no-referrer',
 'Strict-Transport-Security': 'max-age=15768000; includeSubDomains; preload',
 'X-Content-Type-Options': 'nosniff',
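Review bot: The new `plausible.io` entry in `script-src` on the `'Content-Security-Policy'` line is a bare host, so it allows any script path on that origin; if only the analytics loader is needed, a scheme-and-path-scoped source such as `https://plausible.io/js/` would be tighter (confirm the script path the site actually loads). This directive still carries `'unsafe-inline'` and `'unsafe-eval'`, so the host allow-list gives little protection against injected script until those are removed, and `connect-src *` already lets the page send data to any host. A short comment above the policy recording why each third-party host is listed, e.g. `// plausible.io: analytics script`, would help future reviews of this header. The `NEW_HEADERS` object continues past the end of the hunk.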