From 9af36f5f03a8b644b989223dcfc92d84a143fb54 Mon Sep 17 00:00:00 2001
From: Yassine R <riffi.yassine@gmail.com>
Date: Thu, 9 Nov 2023 10:25:41 +0100
Subject: [PATCH] fix(nginx): update nginx rules

---
 .kontinuous/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml
index 36d7c19ffe..367d73c263 100644
--- a/.kontinuous/values.yaml
+++ b/.kontinuous/values.yaml
@@ -168,7 +168,7 @@ portail-usagers:
   ingress:
     annotations:
       nginx.ingress.kubernetes.io/configuration-snippet: |
-        more_set_headers "Content-Security-Policy: default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self' data:; script-src 'self' https://*.gouv.fr 'unsafe-inline'; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'";
+        more_set_headers "Content-Security-Policy: default-src 'none'; manifest-src 'self' https://*.gouv.fr; connect-src 'self' https://*.gouv.fr ; media-src 'self' https://domifaprod2.blob.core.windows.net/ https://tally.so/; font-src 'self'; img-src 'self' https://tally.so/ data:; script-src 'self' 'unsafe-inline' https://*.gouv.fr https://tally.so/ https://tally.so/widgets/embed.js ; frame-src 'self' https://*.gouv.fr  https://tally.so/ ; style-src 'self' 'unsafe-inline'";
         more_set_headers "X-Frame-Options: deny";
         more_set_headers "X-Content-Type-Options: nosniff";
         more_set_headers "Cache-Control: no-store";