From a1d4e86b9646c8913b71b8078cb7c41391f8d01b Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <r.haferkamp@opencloud.eu>
Date: Wed, 1 Apr 2026 12:17:31 +0200
Subject: [PATCH] devtools: sync csp.yaml with opencloud-compose repo

---
 .../multi-tenancy/config/opencloud/csp.yaml         | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/devtools/deployments/multi-tenancy/config/opencloud/csp.yaml b/devtools/deployments/multi-tenancy/config/opencloud/csp.yaml
index 9314c97fb4..cde4b1ef8a 100644
--- a/devtools/deployments/multi-tenancy/config/opencloud/csp.yaml
+++ b/devtools/deployments/multi-tenancy/config/opencloud/csp.yaml
@@ -4,10 +4,11 @@ directives:
   connect-src:
     - '''self'''
     - 'blob:'
-    - 'https://${COMPANION_DOMAIN|companion.opencloud.test}/'
-    - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/'
+    - 'https://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
+    - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
     - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
-    - 'https://${IDP_DOMAIN|keycloak.opencloud.test}/'
+    - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
+    - 'https://update.opencloud.eu/'
   default-src:
     - '''none'''
   font-src:
@@ -19,7 +20,7 @@ directives:
     - 'blob:'
     - 'https://embed.diagrams.net/'
     # In contrary to bash and docker the default is given after the | character
-    - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
+    - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
     # This is needed for the external-sites web extension when embedding sites
     - 'https://docs.opencloud.eu'
   img-src:
@@ -27,8 +28,9 @@ directives:
     - 'data:'
     - 'blob:'
     - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
+    - 'https://tile.openstreetmap.org/'
     # In contrary to bash and docker the default is given after the | character
-    - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
+    - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
   manifest-src:
     - '''self'''
   media-src:
@@ -39,6 +41,7 @@ directives:
   script-src:
     - '''self'''
     - '''unsafe-inline'''
+    - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
   style-src:
     - '''self'''
     - '''unsafe-inline'''