fix(csp): always include internal CDN in script-src/connect-src and update tests accordingly

See ChatGPT conversation: https://chatgpt.com/share/68b492b8-847c-800f-82a9-fb890d4add7f
2025-09-09 11:47:14 +02:00 · 2025-08-31 20:22:05 +02:00
parent 5f66c1a622
commit aa2eb53776
2 changed files with 20 additions and 23 deletions
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@@ -139,10 +139,9 @@ class FilterModule(object):
                        if matomo_domain:
                            tokens.append(f"{web_protocol}://{matomo_domain}")
                    
-                    # Allow the loading of js from the cdn        
-                    if self.is_feature_enabled(applications, 'logout', application_id) or self.is_feature_enabled(applications, 'desktop', application_id):
-                        domain = domains.get('web-svc-cdn')[0]
-                        tokens.append(f"{web_protocol}://{domain}")
+                    # Allow fetching from internal CDN as default for all applications
+                    domain = domains.get('web-svc-cdn')[0]
+                    tokens.append(f"{web_protocol}://{domain}")

                # ReCaptcha integration: allow loading scripts from Google if feature enabled
                if self.is_feature_enabled(applications, 'recaptcha', application_id):