refactor: narrow down connect-src directive

angela-tran · jgravois · angela-tran · commit 6a25813b3d7d · 2025-12-01T20:53:25.000Z
Co-authored-by: john gravois &lt;jagravois@gmail.com&gt;
diff --git a/benefits/settings.py b/benefits/settings.py
@@ -313,7 +313,13 @@ def RUNTIME_ENVIRONMENT():
 CONTENT_SECURITY_POLICY = {
     "DIRECTIVES": {
         "base-uri": [NONE],
-        "connect-src": [SELF, "https://api.amplitude.com/", "https://cdn.jsdelivr.net/"],
+        "connect-src": [
+            SELF,
+            "https://api.amplitude.com/",
+            "https://cdn.jsdelivr.net/npm/@switchio",
+            "https://cdn.jsdelivr.net/npm/bootstrap",
+            "https://cdn.jsdelivr.net/npm/jquery",
+        ],
         "default-src": [SELF],
         "font-src": [SELF, "https://fonts.gstatic.com/"],
         "frame-ancestors": [NONE],
