From 47b89c1112313e9a40d464708d9e98ec0362c8af Mon Sep 17 00:00:00 2001
From: Robert Sparks <rjsparks@nostrum.com>
Date: Mon, 9 May 2022 13:38:50 -0500
Subject: [PATCH] chore: alter CSP to enable analytics (#3941)

---
 ietf/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ietf/settings.py b/ietf/settings.py
index 692a0ff45..5483fdd33 100644
--- a/ietf/settings.py
+++ b/ietf/settings.py
@@ -516,7 +516,7 @@ CORS_URLS_REGEX = r'^(/api/.*|.*\.json|.*/json/?)$'
 REFERRER_POLICY = 'strict-origin-when-cross-origin'
 
 # Content security policy configuration (django-csp)
-CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", "data: https://datatracker.ietf.org/ https://www.ietf.org/")
+CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", "data: https://datatracker.ietf.org/ https://www.ietf.org/ https://analytics.ietf.org/")
 
 # django.middleware.security.SecurityMiddleware 
 SECURE_BROWSER_XSS_FILTER       = True