From b30410cbfd7c72cec77e6580e13147ed55d535be Mon Sep 17 00:00:00 2001
From: AshGDS <8880610+AshGDS@users.noreply.github.com>
Date: Wed, 20 Dec 2023 10:26:00 +0000
Subject: [PATCH 1/2] Add GOVUK domains to script src CSP

The assets domain can't POST to the feedback form without this.
---
 lib/govuk_app_config/govuk_content_security_policy.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/govuk_app_config/govuk_content_security_policy.rb b/lib/govuk_app_config/govuk_content_security_policy.rb
index 97a83de..cb0b33a 100644
--- a/lib/govuk_app_config/govuk_content_security_policy.rb
+++ b/lib/govuk_app_config/govuk_content_security_policy.rb
@@ -51,6 +51,7 @@ def self.build_policy(policy)
     policy.script_src :self,
                       *GOOGLE_ANALYTICS_DOMAINS,
                       *GOOGLE_STATIC_DOMAINS,
+                      *GOVUK_DOMAINS,
                       # Allow YouTube Embeds (Govspeak turns YouTube links into embeds)
                       "*.ytimg.com",
                       "www.youtube.com",

From d3ed92c5fc694dc768ad0ee45c60b824bce8ba39 Mon Sep 17 00:00:00 2001
From: AshGDS <8880610+AshGDS@users.noreply.github.com>
Date: Wed, 20 Dec 2023 11:36:48 +0000
Subject: [PATCH 2/2] Release version 9.8.0

---
 CHANGELOG.md                    | 4 ++++
 lib/govuk_app_config/version.rb | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7b7da96..290bf2e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 9.8.0
+
+* Add GOVUK domains to script src CSP ([#334](https://github.com/alphagov/govuk_app_config/pull/334))
+
 # 9.7.0
 
 * Enable adding custom LogStasher fields from apps ([#327](https://github.com/alphagov/govuk_app_config/pull/327))
diff --git a/lib/govuk_app_config/version.rb b/lib/govuk_app_config/version.rb
index c2f94f5..9e18620 100644
--- a/lib/govuk_app_config/version.rb
+++ b/lib/govuk_app_config/version.rb
@@ -1,3 +1,3 @@
 module GovukAppConfig
-  VERSION = "9.7.0".freeze
+  VERSION = "9.8.0".freeze
 end