From 222b75b41050ff59605308c1b62d27b50d4fe5fa Mon Sep 17 00:00:00 2001
From: Aad Mathijssen <aad.mathijssen@isaac.nl>
Date: Wed, 23 Mar 2022 16:57:09 +0100
Subject: [PATCH] Add missing img-src policy for www.googletagmanager.com

According to the [CSP documentation](https://developers.google.com/tag-platform/tag-manager/web/csp), the following directives are needed for the www.googletagmanager.com domain (when nonces or hashes are not used):

    script-src: 'unsafe-inline' https://www.googletagmanager.com
    img-src: www.googletagmanager.com
---
 etc/csp_whitelist.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/csp_whitelist.xml b/etc/csp_whitelist.xml
index aec11d3..665338e 100644
--- a/etc/csp_whitelist.xml
+++ b/etc/csp_whitelist.xml
@@ -28,6 +28,7 @@
                 <value id="custom-csp-googleapis-img-ssl" type="host">https://www.googleadservices.com/</value>
                 <value id="custom-csp-googleapis-img-ga-ssl" type="host">https://www.google-analytics.com/</value>
                 <value id="custom-csp-google-img-ga-ssl" type="host">https://www.google.com/</value>
+                <value id="custom-csp-googletagmanager-img" type="host">www.googletagmanager.com</value>
             </values>
         </policy>
         <policy id="connect-src">