From bb29ded373a442ec57d9dd62a237b04beedfa5a3 Mon Sep 17 00:00:00 2001
From: Jad <jad.saad@aot-technologies.com>
Date: Thu, 20 Jul 2023 09:21:48 -0700
Subject: [PATCH] Add frame-src rules for prod and test

---
 met-web/nginx/nginx.prod.conf                         | 2 +-
 met-web/nginx/nginx.test.conf                         | 2 +-
 met-web/src/components/common/FileUpload/Uploader.tsx | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/met-web/nginx/nginx.prod.conf b/met-web/nginx/nginx.prod.conf
index 5a49188b2..5d088f2ed 100644
--- a/met-web/nginx/nginx.prod.conf
+++ b/met-web/nginx/nginx.prod.conf
@@ -47,7 +47,7 @@ http {
       img-src 'self' data: blob: https://citz-gdx.objectstore.gov.bc.ca;
       style-src 'self' 'unsafe-inline';
       connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://met-analytics-api.apps.gold.devops.gov.bc.ca https://met-oidc.apps.gold.devops.gov.bc.ca https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com  https://tiles.arcgis.com https://www.arcgis.com;
-      frame-src 'self' https://met-oidc.apps.gold.devops.gov.bc.ca https://met-analytics.apps.gold.devops.gov.bc.ca;
+      frame-src 'self' https://met-oidc.apps.gold.devops.gov.bc.ca https://met-analytics.apps.gold.devops.gov.bc.ca https://www.youtube.com;
       frame-ancestors 'self' https://met-oidc.apps.gold.devops.gov.bc.ca";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
     add_header X-Content-Type-Options "nosniff";
diff --git a/met-web/nginx/nginx.test.conf b/met-web/nginx/nginx.test.conf
index 99ca6e445..968c5ff2f 100644
--- a/met-web/nginx/nginx.test.conf
+++ b/met-web/nginx/nginx.test.conf
@@ -47,7 +47,7 @@ http {
       img-src 'self' data: blob: https://citz-gdx.objectstore.gov.bc.ca;
       style-src 'self' 'unsafe-inline';
       connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://epic-engage-analytics-api-test.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-test.apps.gold.devops.gov.bc.ca https://met-analytics-api-test.apps.gold.devops.gov.bc.ca https://met-oidc-test.apps.gold.devops.gov.bc.ca https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com https://tiles.arcgis.com https://www.arcgis.com;
-      frame-src 'self' https://met-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-analytics-api-test.apps.gold.devops.gov.bc.ca https://met-analytics-test.apps.gold.devops.gov.bc.ca ;
+      frame-src 'self' https://met-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-analytics-api-test.apps.gold.devops.gov.bc.ca https://met-analytics-test.apps.gold.devops.gov.bc.ca https://www.youtube.com;
       frame-ancestors 'self' https://met-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-test.apps.gold.devops.gov.bc.ca"; 
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
     add_header X-Content-Type-Options "nosniff";
diff --git a/met-web/src/components/common/FileUpload/Uploader.tsx b/met-web/src/components/common/FileUpload/Uploader.tsx
index feb9c4bfd..2aa9041cd 100644
--- a/met-web/src/components/common/FileUpload/Uploader.tsx
+++ b/met-web/src/components/common/FileUpload/Uploader.tsx
@@ -10,6 +10,7 @@ interface UploaderProps {
     acceptedFormat?: Accept;
 }
 const Uploader = ({ margin = 2, height = '10em', helpText, acceptedFormat }: UploaderProps) => {
+    console.log(acceptedFormat);
     const { handleAddFile } = useContext(FileUploadContext);
 
     return (