From 9ea5cb6cffaf6de074f541ce9de8b24a10fc6b67 Mon Sep 17 00:00:00 2001
From: Nursoltan Saipolda
Date: Mon, 18 Jul 2022 15:52:12 +0800
Subject: [PATCH 1/2] remove unsafe-inline csp for veterans
---
 src/server/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/server/index.js b/src/server/index.js
index 0eee1228fd..2f0b20b00f 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -139,7 +139,7 @@ async function onExpressJsSetup(server) {
 res.header(
 'Content-Security-Policy',
 "default-src 'self';"
- + " script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'"
+ + " script-src 'report-sample' 'self'"
 + ` ${config.CDN.PUBLIC}`
 + ' http://www.google-analytics.com'
 + ' https://43d132d5dbff47c59d9d53ad448f93c2.js.ubembed.com'
From cbd1ca8539ea83d30e955115297a9eca8f648949 Mon Sep 17 00:00:00 2001
From: Luiz Ricardo Rodrigues
Date: Mon, 18 Jul 2022 19:35:57 -0300
Subject: [PATCH 2/2] ci: deploy veterans-http-headers to Test env
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 349c4c5d3c..b3f6620410 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -349,7 +349,7 @@ workflows:
 filters:
 branches:
 only:
- - free
+ - nursoltan-s:veterans-http-headers
 # This is alternate dev env for parallel testing
 - "build-qa":
 context : org-global
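Review bot: The new script-src line drops 'unsafe-inline' and 'unsafe-eval' but adds no nonce or hash source in their place, so any inline script the page still emits (analytics bootstrap snippets are the usual case) and any library that relies on eval/new Function will now be blocked rather than allowed. The defensible replacement is a per-request nonce: generate a random value at the top of this middleware, emit it as `'nonce-<per-request value>'` in script-src, and stamp the same value on each inline script tag in the template. 'report-sample' on the same line only shapes violation reports, which need a report-uri or report-to directive that is not visible in this hunk; if none exists further down the string, blocked scripts will fail silently in production rather than surface in a report. A short comment above `res.header(` recording why unsafe-inline/unsafe-eval were removed and how inline scripts are expected to be authorized would help the next person who sees a CSP breakage. The CSP string continues beyond this hunk and onExpressJsSetup starts and ends outside it.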
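Review bot: The branches.only filter now points the Test-environment deploy at a personal feature branch instead of `free`, with nothing marking it as temporary, so it is easy to forget to restore once the CSP change has been verified. A one-line comment next to the new entry, e.g. `# TEMP: testing CSP hardening from veterans-http-headers; restore to 'free' after verification`, would make the intent and the revert step explicit. If the `owner:branch` form is meant to match a branch on a fork, it is worth confirming that the branch filter actually matches it in this setup; otherwise the job will simply never trigger. The surrounding workflow definition starts and ends outside this hunk.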