From 003bfdccdbc882970fdd11222bfbcb22350a7a0b Mon Sep 17 00:00:00 2001
From: acnormun <anaclara.noronha@weni.ai>
Date: Thu, 7 Nov 2024 11:47:23 -0300
Subject: [PATCH 1/5] fix: allow emoji api

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index 5038c64f..c0dbc859 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -29,7 +29,7 @@ http {
     set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com accounts.google.com connect.facebook.net *.hotjar.com www.google-analytics.com cdn.logr-ingest.com";
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' data: fonts.gstatic.com";
-    set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org";
+    set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net/npm/emoji-datasource-apple@14.0.0";
     set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
     set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net";
     set $CSP_WORKER_SRC "worker-src data: blob:";

From b8413f2cca5df86a73de1c1b7a06d574c25ae4ee Mon Sep 17 00:00:00 2001
From: acnormun <anaclara.noronha@weni.ai>
Date: Thu, 7 Nov 2024 12:30:41 -0300
Subject: [PATCH 2/5] fix: cdn url

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index c0dbc859..7fd6f68a 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -29,7 +29,7 @@ http {
     set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com accounts.google.com connect.facebook.net *.hotjar.com www.google-analytics.com cdn.logr-ingest.com";
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' data: fonts.gstatic.com";
-    set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net/npm/emoji-datasource-apple@14.0.0";
+    set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
     set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
     set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net";
     set $CSP_WORKER_SRC "worker-src data: blob:";

From 7418e5e3c14ae7b447701eb2e60c5bd63e3b52cc Mon Sep 17 00:00:00 2001
From: acnormun <anaclara.noronha@weni.ai>
Date: Thu, 7 Nov 2024 12:59:57 -0300
Subject: [PATCH 3/5] chore: add data to connect security police

---
 nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 7fd6f68a..a7e6c31f 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -29,8 +29,8 @@ http {
     set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com accounts.google.com connect.facebook.net *.hotjar.com www.google-analytics.com cdn.logr-ingest.com";
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' data: fonts.gstatic.com";
-    set $CSP_IMAGE "img-src 'self' data: blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
-    set $CSP_CONNECT "connect-src 'self' blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
+    set $CSP_IMAGE "img-src 'self' data:  blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
+    set $CSP_CONNECT "connect-src 'self' data: blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
     set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net";
     set $CSP_WORKER_SRC "worker-src data: blob:";
     set $CSP_FRAME_ANCESTORS "frame-ancestors 'self' *.weni.ai";

From 667baa6cdcb8203331ae36af98190de506cff646 Mon Sep 17 00:00:00 2001
From: acnormun <anaclara.noronha@weni.ai>
Date: Thu, 7 Nov 2024 15:22:48 -0300
Subject: [PATCH 4/5] chore: add wpp app security police

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index a7e6c31f..57c128b4 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -30,7 +30,7 @@ http {
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' data: fonts.gstatic.com";
     set $CSP_IMAGE "img-src 'self' data:  blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
-    set $CSP_CONNECT "connect-src 'self' data: blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io";
+    set $CSP_CONNECT "connect-src 'self' data: blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io https://pps.whatsapp.net/";
     set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net";
     set $CSP_WORKER_SRC "worker-src data: blob:";
     set $CSP_FRAME_ANCESTORS "frame-ancestors 'self' *.weni.ai";

From 902b604956d5d2f598fc4225bedc2d407a5a635f Mon Sep 17 00:00:00 2001
From: acnormun <anaclara.noronha@weni.ai>
Date: Thu, 7 Nov 2024 15:47:38 -0300
Subject: [PATCH 5/5] chore: add qrserver api security policy

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index 57c128b4..c622d17a 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -29,7 +29,7 @@ http {
     set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com accounts.google.com connect.facebook.net *.hotjar.com www.google-analytics.com cdn.logr-ingest.com";
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' ilhasoft.com.br accounts.google.com fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' data: fonts.gstatic.com";
-    set $CSP_IMAGE "img-src 'self' data:  blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net";
+    set $CSP_IMAGE "img-src 'self' data:  blob: www.google-analytics.com www.google.com.br www.googletagmanager.com *.amazonaws.com https://tile.openstreetmap.org https://cdn.jsdelivr.net https://api.qrserver.com/";
     set $CSP_CONNECT "connect-src 'self' data: blob: *.weni.ai *.bothub.it accounts.google.com www.google-analytics.com analytics.google.com *.hotjar.io wss://ws.hotjar.com https://cdn.plyr.io https://pps.whatsapp.net/";
     set $CSP_FRAME_SRC "frame-src 'self' *.weni.ai https://td.doubleclick.net";
     set $CSP_WORKER_SRC "worker-src data: blob:";