From b5b978cba270bed82b575f3207ec2a432a923585 Mon Sep 17 00:00:00 2001
From: Gard Opsahl Skaare <gard.opsahl.skaare@nav.no>
Date: Mon, 4 Nov 2024 15:04:29 +0100
Subject: [PATCH] feat(familie-backend/headers.ts): legg til Nav telemetry
 URL-er i CSP headers (#1586)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Nødvendig for å samle inn telemetri i appene våre
---
 packages/familie-backend/src/headers.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/familie-backend/src/headers.ts b/packages/familie-backend/src/headers.ts
index cc7f86537..1f64ab778 100644
--- a/packages/familie-backend/src/headers.ts
+++ b/packages/familie-backend/src/headers.ts
@@ -5,8 +5,10 @@ const fontSource = 'https://fonts.gstatic.com';
 const navFontSource = 'https://cdn.nav.no';
 const amplitude = 'https://amplitude.nav.no';
 const sentry = 'https://sentry.gc.nav.no';
+const navTelemetry = 'https://telemetry.nav.no';
+const navTelemetryDev = 'https://telemetry.ekstern.dev.nav.no';
 
-const cspString = `default-src 'self' data: ${amplitude} ${sentry}; style-src 'self' ${styleSource} data: 'unsafe-inline'; font-src 'self' ${fontSource} ${navFontSource} data:; frame-src 'self' blob:;`;
+const cspString = `default-src 'self' data: ${amplitude} ${sentry} ${navTelemetry} ${navTelemetryDev}; style-src 'self' ${styleSource} data: 'unsafe-inline'; font-src 'self' ${fontSource} ${navFontSource} data:; frame-src 'self' blob:;`;
 
 const setup = (app: Express) => {
     app.disable('x-powered-by');