From 0b624edbbd9445724e504468b2e155e458c794c2 Mon Sep 17 00:00:00 2001
From: poplar media
Date: Sat, 12 Dec 2020 09:35:40 -0500
Subject: [PATCH] Update headers.conf

Adding platform-api.sharethis.com and buttons-config.sharethis.com as default CSP configuration options
---
 app/conf/headers.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/conf/headers.conf b/app/conf/headers.conf
index d4a8a6fde7..08f39f5217 100644
--- a/app/conf/headers.conf
+++ b/app/conf/headers.conf
@@ -3,10 +3,10 @@
 security = {
 X-Content-Type-Options = nosniff,
 X-XSS-Protection = "1; mode=block",
 X-Frame-Options = SAMEORIGIN,
- Content-Security-Policy = ["script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';"],
- X-Content-Security-Policy = "script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com 'unsafe-inline' 'unsafe-eval';" ,
+ Content-Security-Policy = ["script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com platform-api.sharethis.com buttons-config.sharethis.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';"],
+ X-Content-Security-Policy = "script-src 'self' maps.googleapis.com cdn.knightlab.com nominatim.openstreetmap.org ajax.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com platform-api.sharethis.com buttons-config.sharethis.com 'unsafe-inline' 'unsafe-eval';" ,
 Feature-Policy = "microphone 'none'; geolocation 'none'; accelerometer 'none'; autoplay 'none; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; gyroscope 'none'; magnetometer 'none'; midi 'none'; usb 'none';",
 Strict-Transport-Security = "max-age=10368000; includeSubDomains",
 Referrer-Policy = "no-referrer"
-}
\ No newline at end of file
+}
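Review bot: The two new script-src origins on the `+` Content-Security-Policy and X-Content-Security-Policy lines are appended to a directive that still carries 'unsafe-inline' and 'unsafe-eval', so the host allowlist provides little real restriction and each added host becomes a full-trust script source whose content is controlled by a third party. If the widget only needs a single bootstrap script, narrow the entry to that path (e.g. `platform-api.sharethis.com/<path-of-widget-script>`, placeholder) rather than the whole host, and check whether both hosts actually serve scripts or whether one is only fetched via XHR/fetch and belongs in connect-src instead. Keeping the legacy X-Content-Security-Policy value in lockstep by hand is error-prone; a note beside these two lines saying they must be kept identical, or deriving one from the other at load time, would reduce drift. Unrelated to the change but visible on the Feature-Policy context line, `autoplay 'none;` is missing its closing quote, which may cause the rest of that directive to be parsed incorrectly.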