From 38ad6eb8789c9b54d4e450218729c9c8a587b42e Mon Sep 17 00:00:00 2001
From: Mrugesh Mohapatra
Date: Thu, 28 Jun 2018 21:01:29 +0530
Subject: [PATCH] fix(csp): Update policy for FA and remove optimizely
---
 server/middlewares/csp.js | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/server/middlewares/csp.js b/server/middlewares/csp.js
index ff909fb18a..165d862620 100644
--- a/server/middlewares/csp.js
+++ b/server/middlewares/csp.js
@@ -23,8 +23,7 @@ export default function csp() {
 directives: {
 defaultSrc: trusted.concat([
 'https://*.cloudflare.com',
- '*.cloudflare.com',
- 'https://*.optimizely.com'
+ '*.cloudflare.com'
 ]),
 connectSrc: trusted.concat([
 'https://glitch.com',
@@ -47,8 +46,7 @@ export default function csp() {
 '*.twimg.com',
 'https://*.twimg.com',
 '*.youtube.com',
- '*.ytimg.com',
- 'https://*.optimizely.com'
+ '*.ytimg.com'
 ].concat(trusted),
 styleSrc: [
 "'unsafe-inline'",
@@ -58,7 +56,6 @@ export default function csp() {
 'https://*.bootstrapcdn.com',
 '*.cloudflare.com',
 'https://*.cloudflare.com',
- 'https://*.optimizely.com',
 'https://use.fontawesome.com'
 ].concat(trusted),
 fontSrc: [
@@ -67,8 +64,7 @@ export default function csp() {
 '*.bootstrapcdn.com',
 '*.googleapis.com',
 '*.gstatic.com',
- 'https://*.bootstrapcdn.com',
- 'https://*.optimizely.com'
+ 'https://*.bootstrapcdn.com'
 ].concat(trusted),
 imgSrc: [
 // allow all input since we have user submitted images for
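Review bot: `defaultSrc` still lists the same host twice, as `'https://*.cloudflare.com'` and the scheme-less `'*.cloudflare.com'`, and the scheme-less form is the looser of the two: on a page served over HTTPS it adds nothing, while on a page served over plain HTTP it also permits `http:` loads from that host. Keeping only `'https://*.cloudflare.com'` would tighten the policy without changing behaviour on HTTPS pages. The same pairing is visible for `twimg.com` in the second hunk, for `cloudflare.com` in `styleSrc`, and for `bootstrapcdn.com` in `fontSrc`. The `directives` object starts and ends outside this hunk, so other entries may need the same treatment.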
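Review bot: The visible `fontSrc` entries do not include `'https://use.fontawesome.com'`, although `styleSrc` in the previous hunk allows it and the subject line says the policy is updated for FA. If the Font Awesome stylesheet pulls its webfont files from that host, the browser will block them unless `trusted` or the `fontSrc` lines hidden between the two hunks already cover it. That is worth confirming, and if they do not, add `'https://use.fontawesome.com'` to `fontSrc`. A short comment next to each third-party host saying which feature needs it would make later removals like this one easier to audit.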