From b6c1bd1c55951ed09f66e9af442fa1cbbedbcbeb Mon Sep 17 00:00:00 2001
From: Victor Zeinstra <zeinstra.victor@gmail.com>
Date: Wed, 21 Jun 2023 09:50:41 +0200
Subject: [PATCH] fix: iframe security blob (#5227)

* feat: prendre referer au lieu de src_url

* Revert "feat: prendre referer au lieu de src_url"

This reverts commit 5516d3c4b3b72196a4eace5708410461e2f18d10.

* fix: iframe csp pour telechargement modele

---------

Co-authored-by: Victor Zeinstra <zeinsta.victor@gmail.com>
---
 packages/code-du-travail-frontend/next.config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/code-du-travail-frontend/next.config.js b/packages/code-du-travail-frontend/next.config.js
index 3b8096bfed..22dc86bf60 100644
--- a/packages/code-du-travail-frontend/next.config.js
+++ b/packages/code-du-travail-frontend/next.config.js
@@ -8,7 +8,7 @@ img-src 'self' data: *.fabrique.social.gouv.fr https://travail-emploi.gouv.fr ht
 script-src 'self' https://mon-entreprise.urssaf.fr *.fabrique.social.gouv.fr https://cdnjs.cloudflare.com ${
   process.env.NODE_ENV !== "production" && "'unsafe-eval'"
 };
-frame-src 'self' https://mon-entreprise.urssaf.fr https://matomo.fabrique.social.gouv.fr *.dailymotion.com;
+frame-src 'self' https://mon-entreprise.urssaf.fr https://matomo.fabrique.social.gouv.fr *.dailymotion.com https://cdtnadminprod.blob.core.windows.net;
 style-src 'self' 'unsafe-inline';
 font-src 'self' data: blob:;
 worker-src 'self' blob:;