From 12053c74caf56db88d41fe4b1ff4007418b1c4cf Mon Sep 17 00:00:00 2001
From: Timmy Willison <timmywil@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:20:17 -0500
Subject: [PATCH] jqueryui.com: add CSP exceptions for download builder

Ref https://github.com/jquery/infrastructure-puppet/issues/54
Closes gh-475
---
 themes/jqueryui.com/functions.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/themes/jqueryui.com/functions.php b/themes/jqueryui.com/functions.php
index a4788a0c..84fb96e6 100644
--- a/themes/jqueryui.com/functions.php
+++ b/themes/jqueryui.com/functions.php
@@ -3,10 +3,14 @@
 require_once __DIR__ . '/functions.content.php';
 
 // Allow inline scripts on https://jqueryui.com/themeroller/
+// Load scripts from download.jqueryui.com on https://jqueryui.com/download/
 // Load styles from download.jqueryui.com on https://jqueryui.com/themeroller/
 // Load images from download.jqueryui.com on https://jqueryui.com/themeroller/
+// Allow form actions to download.jqueryui.com on https://jqueryui.com/download/
 add_filter( 'jq_content_security_policy', function ( $policy ) {
+	$policy[ 'script-src' ] = "'self' code.jquery.com download.jqueryui.com";
 	$policy[ 'style-src' ] = "'self' 'unsafe-inline' code.jquery.com download.jqueryui.com";
 	$policy[ 'img-src' ] = "'self' data: code.jquery.com download.jqueryui.com";
+	$policy[ 'form-action' ] = "'self' download.jqueryui.com";
 	return $policy;
 } );