chore(deps): update dependency ember-cli-content-security-policy to v2 (#386)

Co-authored-by: Renovate Bot <[email protected]>
Co-authored-by: Guido <[email protected]>

Author: 3 people

config/content-security-policy.js

@@ -0,0 +1,37 @@
+'use strict';
+
+module.exports = function(environment) {
+  const policy = {
+    'default-src': ['\'none\''],
+    'script-src': ['\'self\'', 'www.google-analytics.com', 'www.googletagmanager.com'],
+    'font-src': ['\'self\'', 'fonts.gstatic.com'],
+    'connect-src': ['\'self\'', 'sentry.io'],
+    'img-src': ['\'self\'', 'camo.csvalpha.nl', 'www.google-analytics.com', 'img.youtube.com'],
+    'style-src': ['\'self\'', '\'unsafe-inline\'', 'fonts.googleapis.com/'],
+    'media-src': ['\'self\''],
+    'manifest-src': ['\'self\''],
+    'object-src': ['\'self\''],
+    'frame-src': ['\'self\'', 'www.youtube.com'],
+    'worker-src': ['\'self\''],
+    'base-uri': ['\'none\''],
+    'form-action': ['\'self\''],
+    'frame-ancestors': ['\'self\''],
+    'block-all-mixed-content': []
+  };
+
+  if (['development', 'test'].includes(environment)) {
+    policy['script-src'].push('\'unsafe-inline\'', '\'unsafe-eval\'');
+  }
+
+  if (environment === 'production') {
+    policy['report-uri'] = ['https://sentry.io/api/186017/security/?sentry_key=5931cc6f635a4e6c96c8dcab4885485f'];
+  }
+
+  return {
+    delivery: ['header'],
+    enabled: true,
+    failTests: true,
+    policy,
+    reportOnly: false
+  };
+};

config/environment.js

@@ -12,29 +12,6 @@ module.exports = function(environment) {
       hostname: '/api/v1'
     },
 
-    // See https://github.com/rwjblue/ember-cli-content-security-policy
-    contentSecurityPolicyHeader: 'Content-Security-Policy',
-
-    // See https://github.com/damiencaselli/ember-cli-sentry#content-security-policy
-    // Keep this Content Security Policy in sync with nginx config
-    contentSecurityPolicy: {
-      'default-src': '\'none\'',
-      'manifest-src': '\'self\'',
-      'script-src': '\'self\' www.google-analytics.com www.googletagmanager.com',
-      'font-src': '\'self\' fonts.gstatic.com',
-      'connect-src': '\'self\' sentry.io',
-      'img-src': '\'self\' camo.csvalpha.nl www.google-analytics.com img.youtube.com',
-      'style-src': '\'self\' \'unsafe-inline\' fonts.googleapis.com/',
-      'media-src': '\'self\'',
-      'object-src': '\'self\'',
-      'frame-src': '\'self\' www.youtube.com',
-      'worker-src': '\'self\'',
-      'base-uri': '\'none\'',
-      'form-action': '\'self\'',
-      'frame-ancestors': '\'self\'',
-      'block-all-mixed-content': ''
-    },
-
     moment: {
       includeLocales: ['nl'],
       allowEmpty: true
@@ -104,8 +81,6 @@ module.exports = function(environment) {
     // ENV.APP.LOG_TRANSITIONS = true;
     // ENV.APP.LOG_TRANSITIONS_INTERNAL = true;
     // ENV.APP.LOG_VIEW_LOOKUPS = true;
-
-    ENV.contentSecurityPolicy['script-src'] += ' \'unsafe-inline\' \'unsafe-eval\'';
   }
 
   if (environment === 'test') {
@@ -122,14 +97,13 @@ module.exports = function(environment) {
 
   ENV['@sentry/ember'] = {
     sentry: {
-      dsn: 'https://invalid@xx.ingest.sentry.io/12345', // invalid key, will be replaced when run as prod
+      dsn: 'https://[email protected]/12345', // invalid key, will be replaced when run as prod
       environment: deployTarget,
       release: `amber-ui@${process.env.BUILD_HASH}`
     }
   };
 
   if (environment === 'production') {
-    ENV.contentSecurityPolicy['report-uri'] = 'https://sentry.io/api/186017/security/?sentry_key=5931cc6f635a4e6c96c8dcab4885485f';
     ENV['@sentry/ember'].sentry.dsn = 'https://[email protected]/186017';
   }
 

package.json

@@ -41,7 +41,7 @@
     "ember-can": "^4.1",
     "ember-cli": "~3.20.2",
     "ember-cli-babel": "^7.26.6",
-    "ember-cli-content-security-policy": "^1.1",
+    "ember-cli-content-security-policy": "^2.0.1",
     "ember-cli-dependency-checker": "^3.2",
     "ember-cli-dropzonejs": "^1.3",
     "ember-cli-file-saver": "^2.0",

yarn.lock

@@ -3878,7 +3878,7 @@ __metadata:
     ember-can: ^4.1
     ember-cli: ~3.20.2
     ember-cli-babel: ^7.26.6
-    ember-cli-content-security-policy: ^1.1
+    ember-cli-content-security-policy: ^2.0.1
     ember-cli-dependency-checker: ^3.2
     ember-cli-dropzonejs: ^1.3
     ember-cli-file-saver: ^2.0
@@ -8670,13 +8670,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ember-cli-content-security-policy@npm:^1.1":
-  version: 1.1.1
-  resolution: "ember-cli-content-security-policy@npm:1.1.1"
+"ember-cli-content-security-policy@npm:^2.0.1":
+  version: 2.0.1
+  resolution: "ember-cli-content-security-policy@npm:2.0.1"
   dependencies:
     body-parser: ^1.17.0
-    chalk: ^2.0.0
-  checksum: 5384ed664038fa575dc6d99ee6634d5c6258d7669f52bc9ffddd3e48f881592b30420974e58680565fcda3ae43c55d2cd104467945c5402c2a4767e08e3633fa
+    chalk: ^4.1.1
+    debug: ^4.3.1
+    ember-cli-babel: ^7.26.3
+    ember-cli-version-checker: ^5.0.2
+  checksum: ba0e5f21962ca44719d043b52407e89c9b473cc20f69aa4b642105916066ebfcf85311b1bf48eaabd421a9a7f8d0e10de75151a3934ec08c74c66cd15d9c09ac
   languageName: node
   linkType: hard
 
@@ -9196,7 +9199,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ember-cli-version-checker@npm:^5.0.1, ember-cli-version-checker@npm:^5.1.1, ember-cli-version-checker@npm:^5.1.2":
+"ember-cli-version-checker@npm:^5.0.1, ember-cli-version-checker@npm:^5.0.2, ember-cli-version-checker@npm:^5.1.1, ember-cli-version-checker@npm:^5.1.2":
   version: 5.1.2
   resolution: "ember-cli-version-checker@npm:5.1.2"
   dependencies: