ui: update nginx to allow new exchange rate url

frontend/configureServer.sh

@@ -73,6 +73,12 @@ if [ "$REACT_APP_EMAIL_SERVICE_ENABLED" = true ]; then
     proxy_pass http://$email_host:$email_port/;" /etc/nginx/conf.d/default.conf
 fi
 
+if [[ ! -z "${REACT_APP_EXCHANGE_RATE_URL}" ]]; then
+  echo "Adding the exchange rate API url to ${REACT_APP_EXCHANGE_RATE_URL}"
+  sed -i -e "/# exchangeRateApi/i\\ \   add_header Content-Security-Policy \"default-src 'self'; connect-src 'self' $REACT_APP_EXCHANGE_RATE_URL; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data: https://validator.swagger.io;\";" /etc/nginx/conf.d/default.conf
+fi
+
+
 sed -i -e "/# pathToStorageService/i\\
 proxy_pass http://$storage_service_host:$storage_service_port/download;" /etc/nginx/conf.d/default.conf
 

frontend/nginx.conf

@@ -5,7 +5,8 @@ server {
     add_header X-Frame-Options "sameorigin";
     add_header X-Content-Type-Options "nosniff";
     # If data mus be fetched from external servers (e.g. exchange rates), add the URL to connect-src:
-    add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://sdw-wsrest.ecb.europa.eu/service/data/EXR/; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data: https://validator.swagger.io;";
+    add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://data-api.ecb.europa.eu/service/data/EXR/; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data: https://validator.swagger.io;";
+    # exchangeRateApi
 
     #charset koi8-r;
     #access_log  /var/log/nginx/host.access.log  main;