From 74e899c4a59bc73b8882950e10778518f9e2df4a Mon Sep 17 00:00:00 2001
From: Louis Fortunier
Date: Thu, 12 Sep 2024 11:23:10 +0200
Subject: [PATCH] `README.md` update : Add missing nelmio security settings configuration
---
 CHANGELOG_update_nelmio_security_doc.md | 2 ++
 README.md | 8 ++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 CHANGELOG_update_nelmio_security_doc.md
diff --git a/CHANGELOG_update_nelmio_security_doc.md b/CHANGELOG_update_nelmio_security_doc.md
new file mode 100644
index 0000000..b0e882f
--- /dev/null
+++ b/CHANGELOG_update_nelmio_security_doc.md
@@ -0,0 +1,2 @@
+### Changed
+`README.md` update : Add missing nelmio security settings configuration (@lfortunier)
\ No newline at end of file
diff --git a/README.md b/README.md
index 1325717..0c4a1ed 100644
--- a/README.md
+++ b/README.md
@@ -123,6 +123,7 @@ nelmio_security:
 # this is a port of https://github.com/twitter/secureheaders/blob/83a564a235c8be1a8a3901373dbc769da32f6ed7/lib/secure_headers/headers/policy_management.rb#L97
 browser_adaptive:
 enabled: true
+ # this is a full list of known case, you must keep only useful script in project
 script-src:
 - 'self'
 - 'unsafe-inline'
@@ -133,6 +134,13 @@ nelmio_security:
 - 'https://www.youtube.com'
 - 'https://www.youtube-nocookie.com'
 - 'https://js.stripe.com'
+ - 'https://canny.io/'
+ - 'https://www.google.com/'
+ - 'https://www.gstatic.com/'
+ - 'https://code.iconify.design'
+ - 'https://cdn.jsdelivr.net'
+ - 'http://embed.typeform.com'
+ - 'https://embed.typeform.com'
 block-all-mixed-content: true # defaults to false, blocks HTTP content over HTTPS transport
 ```
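Review bot: The new `- 'http://embed.typeform.com'` entry in `script-src` is at best dead and at worst a downgrade: with `block-all-mixed-content: true` shown a few lines below, an http: script on an HTTPS page is blocked regardless of the allow-list, while on a plain-HTTP page it permits cleartext script loads that an on-path attacker can rewrite, so keep only `- 'https://embed.typeform.com'`. The other additions allow-list whole origins that host arbitrary third-party code — `https://cdn.jsdelivr.net` serves any npm/GitHub package, and `https://www.google.com/` / `https://www.gstatic.com/` expose many script endpoints — so an injected `<script src>` can pull any library from those hosts, which is a known CSP-bypass pattern; prefer path-scoped entries (e.g. `'https://cdn.jsdelivr.net/npm/<package>@<version>/'`) or nonces/hashes where the integration allows it. The added explanatory comment is also hard to parse; suggest `# Example allow-list only: keep just the origins this project actually loads scripts from — every extra host widens the policy for an attacker.` Since the example already carries `'unsafe-inline'` in the context lines above, the README should state that this list is a starting point to tighten, not a recommended policy.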