tl-its-umich-edu / canvas-app-explorer

A Web application that presents a list of Canvas external (LTI) tools with details. When integrated within Canvas, the user can search for specific LTI tool(s), and add or remove those tools from Canvas courses.
Apache License 2.0

Fixes #220 Replace X_FRAME_OPTIONS with CSP #236

Closed jonespm closed 2 years ago

jonespm commented 2 years ago

I was looking to make this config a little simpler based on what you had in CCM and only configure what is really necessary which is the FRAME_ANCESTORS. I could make the others configurable with this as a default but it's a little messier using environment variables over JSON for configuration.

To test this you'd want to be browsing with the console window open to see if there are any CSP errors reported. All I saw were errors from Canvas about Sentry and some warnings about future versions of TinyMCE which are part of the plugin.

Perhaps we could get rid of some of the unsafe-inline, but would need to do a little more work, especially on scripts. And it might not be entirely possible?

I also have some Google things in here that we're not using yet, but I'm sure we'll be adding Google Analytics to this to get some idea of usage.
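As an added example, not code from canvas-app-explorer or from this PR: the sketch below shows the shape of what the comment above describes in Python, reading only the frame-ancestors list from configuration, assembling the rest of the Content-Security-Policy from fixed defaults (still with 'unsafe-inline' in the script and style directives, as the PR leaves them), dropping the X-Frame-Options header the CSP replaces, and checking a response's headers the way a reviewer would before trusting the browser console alone. The environment variable name CSP_FRAME_ANCESTORS, the default Canvas host and the sample headers are all constructed assumptions; the project's real settings are not shown on this page.

```python
"""Added example: a configurable frame-ancestors policy for a tool embedded in
Canvas, with a header check. Not the project's code; names are assumptions."""
import os
import re

# Assumed environment variable name; the PR does not show the real setting.
FRAME_ANCESTORS_ENV = "CSP_FRAME_ANCESTORS"
# Constructed default: the tool's own origin plus one Canvas host.
DEFAULT_FRAME_ANCESTORS = "'self' https://canvas.instructure.com"

# Deliberately strict: keywords or scheme-less/https host sources only, no paths.
_SOURCE_RE = re.compile(
    r"^(?:'self'|'none'|(?:https?://)?[A-Za-z0-9*][A-Za-z0-9.*-]*(?::\d+)?)$"
)


def frame_ancestors_from_env(environ=None):
    """Read the space-separated frame-ancestors list, rejecting malformed sources."""
    environ = os.environ if environ is None else environ
    sources = environ.get(FRAME_ANCESTORS_ENV, DEFAULT_FRAME_ANCESTORS).split()
    bad = [s for s in sources if not _SOURCE_RE.match(s)]
    if bad:
        raise ValueError(f"invalid frame-ancestors source(s): {bad}")
    return sources


def build_csp(frame_ancestors, inline_scripts=True, inline_styles=True):
    """Assemble the CSP value. Only frame-ancestors comes from configuration;
    the other directives are fixed defaults that still permit 'unsafe-inline'
    unless the caller turns it off."""
    script_src = ["'self'"] + (["'unsafe-inline'"] if inline_scripts else [])
    style_src = ["'self'"] + (["'unsafe-inline'"] if inline_styles else [])
    directives = [
        ("default-src", ["'self'"]),
        ("script-src", script_src),
        ("style-src", style_src),
        ("frame-ancestors", list(frame_ancestors)),
    ]
    return "; ".join(f"{name} {' '.join(values)}" for name, values in directives)


def parse_csp(header):
    """Parse a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def apply_csp(headers, frame_ancestors, **kwargs):
    """Return a copy of a response-header dict with the CSP set and
    X-Frame-Options removed: XFO cannot name a third-party origin such as
    Canvas, and leaving it in sends browsers a conflicting second signal."""
    headers = {k: v for k, v in headers.items() if k.lower() != "x-frame-options"}
    headers["Content-Security-Policy"] = build_csp(frame_ancestors, **kwargs)
    return headers


def check_framing(headers):
    """List findings about a response's framing headers; empty means clean."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = parse_csp(lowered.get("content-security-policy", ""))
    ancestors = csp.get("frame-ancestors")
    if not ancestors:
        findings.append("no frame-ancestors directive: any origin may frame the page")
    elif "'none'" in ancestors:
        findings.append("frame-ancestors 'none' blocks Canvas from framing the tool")
    if "x-frame-options" in lowered:
        findings.append("X-Frame-Options still set; remove it so frame-ancestors is the only policy")
    if any("'unsafe-inline'" in v for k, v in csp.items() if k.endswith("-src")):
        findings.append("warning: 'unsafe-inline' still allowed in a -src directive")
    return findings


if __name__ == "__main__":
    # Constructed sample: a response that still carries the old header.
    before = {"X-Frame-Options": "SAMEORIGIN", "Content-Type": "text/html"}
    after = apply_csp(before, frame_ancestors_from_env({}))
    print(after["Content-Security-Policy"])
    for finding in check_framing(after):
        print("-", finding)
```

Run with `CSP_FRAME_ANCESTORS="'self' https://yourschool.instructure.com"` set to see the override take effect; the check reports X-Frame-Options as a finding if it is ever reintroduced alongside the CSP, and keeps flagging 'unsafe-inline' until the inline scripts and styles are actually moved out.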

jonespm commented 2 years ago

I'm fine removing the Google stuff for now. I'll create an issue (if there isn't one yet) about supporting Google Analytics and add this as a note of consideration to that.