From 7418e5e3c14ae7b447701eb2e60c5bd63e3b52cc Mon Sep 17 00:00:00 2001
From: acnormun <anaclara.noronha@weni.ai>
Date: Thu, 7 Nov 2024 12:59:57 -0300
Subject: [PATCH] chore: add data to connect security police

---
 nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 7fd6f68a..a7e6c31f 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -29,8 +29,8 @@ http {
     set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com accounts.google.com connect.facebook.net *.hotjar.com www.google-analytics.com cdn.logr-ingest.com";
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' data: fonts.gstatic.com";
-    set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
-    set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
+    set $CSP_IMAGE "img-src 'self' data:  blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
+    set $CSP_CONNECT "connect-src 'self' data: blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
     set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net";
     set $CSP_WORKER_SRC "worker-src data: blob:";
     set $CSP_FRAME_ANCESTORS "frame-ancestors 'self' *.weni.ai";