Dynamically add sentry and logrocket domains to CSP whitelist (#156)

Co-authored-by: Benjamin Rosenberger <[email protected]>

Author: brosenberger

Model/Collector/SentryRelatedCspCollector.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace JustBetter\Sentry\Model\Collector;
+
+use JustBetter\Sentry\Helper\Data as DataHelper;
+use Magento\Csp\Api\PolicyCollectorInterface;
+use Magento\Csp\Model\Policy\FetchPolicy;
+
+class SentryRelatedCspCollector implements PolicyCollectorInterface
+{
+    /**
+     * @param DataHelper $dataHelper
+     */
+    public function __construct(
+        private DataHelper $dataHelper
+    ) {
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function collect(array $defaultPolicies = []): array
+    {
+        $policies = $defaultPolicies;
+        if (!$this->dataHelper->isActive()) {
+            return $policies;
+        }
+
+        if ($this->dataHelper->useScriptTag() || $this->dataHelper->useSessionReplay()) {
+            $policies[] = new FetchPolicy(
+                'script-src',
+                false,
+                ['https://browser.sentry-cdn.com']
+            );
+            $policies[] = new FetchPolicy(
+                'connect-src',
+                false,
+                ['https://*.ingest.sentry.io']
+            );
+        }
+
+        if ($this->dataHelper->useLogrocket()) {
+            $policies[] = new FetchPolicy(
+                'script-src',
+                false,
+                ['https://cdn.lr-ingest.io']
+            );
+        }
+
+        return $policies;
+    }
+}

etc/csp_whitelist.xml

@@ -34,4 +34,13 @@
         <plugin name="LogrocketCustomerInfo" type="JustBetter\Sentry\Plugin\LogrocketCustomerInfo"
                 sortOrder="10" disabled="false"/>
     </type>
+
+    <type name="Magento\Csp\Model\CompositePolicyCollector">
+        <arguments>
+            <argument name="collectors" xsi:type="array">
+                <item name="sentry" xsi:type="object" sortOrder="99">JustBetter\Sentry\Model\Collector\SentryRelatedCspCollector\Proxy</item>
+            </argument>
+        </arguments>
+    </type>
+
 </config>