From 049effe2e2e2ccf3ae83381bcfa0bdc4c855f912 Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Thu, 1 Jun 2017 03:42:42 +0000
Subject: [PATCH] Configure Content-Security-Policy for datagrepper, for the future.
---
 roles/datagrepper/templates/datagrepper-fedmsg.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/roles/datagrepper/templates/datagrepper-fedmsg.py b/roles/datagrepper/templates/datagrepper-fedmsg.py
index c6f0989b92..e8a9246319 100644
--- a/roles/datagrepper/templates/datagrepper-fedmsg.py
+++ b/roles/datagrepper/templates/datagrepper-fedmsg.py
@@ -17,4 +17,8 @@ config = {
 'fedmenu_url': 'https://apps.fedoraproject.org/fedmenu',
 'fedmenu_data_url': 'https://apps.fedoraproject.org/js/data.js',
 {% endif %}
+
+ # Only allow ajax/websockets connections back to our domains.
+ # https://github.com/fedora-infra/datagrepper/pull/192
+ 'content_security_policy': 'connect-src https://*.fedoraproject.org wss://*.fedoraproject.org'
 }
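Review bot: The added `content_security_policy` value sets only `connect-src`, so the comment above it should state that script, frame and object sources stay unrestricted and that this policy alone does not mitigate script injection, for example `# connect-src only: limits XHR/fetch/WebSocket targets; script-src and inline script are not restricted.` The `*.fedoraproject.org` wildcard admits every subdomain but not the bare `fedoraproject.org` host, and `'self'` is not listed, so confirm which hosts the page really connects to and list them explicitly if the set is small. Whether the deployed datagrepper reads this key is not visible in the hunk (the subject says "for the future"), so the comment could name the release that starts honouring it. The new entry also lacks the trailing comma the entries before it carry: `... wss://*.fedoraproject.org',`.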