Add single cookie consent api URLs

- once the single consent API is enabled on GOV.UK the JS will be making XMLHttprequests to the staging and production environments for the single consent api, so these URLs need to be added to the CSP
alphagov · Feb 28, 2024 · 9a0c956 · 9a0c956
1 parent f23fd95
commit 9a0c956
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/lib/govuk_app_config/govuk_content_security_policy.rb b/lib/govuk_app_config/govuk_content_security_policy.rb
@@ -71,7 +71,9 @@ def self.build_policy(policy)
                        *GOVUK_DOMAINS,
                        *GOOGLE_ANALYTICS_DOMAINS,
                        # Speedcurve real user monitoring (RUM) - as per: https://support.speedcurve.com/docs/add-rum-to-your-csp
-                       "lux.speedcurve.com"
+                       "lux.speedcurve.com",
+                       "gds-single-consent-staging.app",
+                       "gds-single-consent.app"
 
     # Disallow all <object>, <embed>, and <applet> elements
     #