From 667baa6cdcb8203331ae36af98190de506cff646 Mon Sep 17 00:00:00 2001
From: acnormun <anaclara.noronha@weni.ai>
Date: Thu, 7 Nov 2024 15:22:48 -0300
Subject: [PATCH] chore: add wpp app security police

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index a7e6c31f..57c128b4 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -30,7 +30,7 @@ http {
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' data: fonts.gstatic.com";
     set $CSP_IMAGE "img-src 'self' data:  blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
-    set $CSP_CONNECT "connect-src 'self' data: blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
+    set $CSP_CONNECT "connect-src 'self' data: blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io https://pps.whatsapp.net/";
     set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net";
     set $CSP_WORKER_SRC "worker-src data: blob:";
     set $CSP_FRAME_ANCESTORS "frame-ancestors 'self' *.weni.ai";