<?php

namespace App;

use Spatie\Csp\Directive;
use Spatie\Csp\Policies\Basic;
use Illuminate\Support\Str;

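/**
 * Application Content-Security-Policy, layered on top of the package's Basic policy.
 *
 * Each addDirective() call below extends the source list of one CSP directive.
 * Any host listed here is trusted by the browser for that resource type, so keep
 * every list as short as the embedded third-party widgets allow.
 */
class ContentSecurityPolicy extends Basic
{
    /**
     * Build the policy: start from the parent defaults, then add the application's sources.
     *
     * Branches on the authenticated user's email domain (extra form-action targets)
     * and on the debug flag (local dev-server sources, report-only mode).
     */
    public function configure()
    {
        parent::configure();

        // Read the application URL and debug flag through config() rather than env():
        // once the configuration is cached, env() no longer sees the .env file and
        // returns null outside of config files.
        $appUrl = config('app.url');

        $this
            ->addDirective(Directive::FONT, $appUrl)
            ->addDirective(Directive::MEDIA, [
                'blob:',
                $appUrl,
                'https://scontent.cdninstagram.com',
            ])
            // 'unsafe-inline' and 'unsafe-eval' allow inline <script>, inline event
            // handlers and eval(), so this script-src offers little protection against
            // injected markup. NOTE(review): if the parent policy attaches a nonce,
            // browsers ignore 'unsafe-inline' here; confirm which of the two is relied on.
            ->addDirective(Directive::SCRIPT, [
                "'self'",
                "'unsafe-eval'",
                "'unsafe-inline'",
                'https://www.googletagmanager.com',
                'https://www.google-analytics.com',
                'https://www.youtube.com',
                'https://www.youtube.com/iframe_api',
                'https://www.instagram.com',
                'https://www.facebook.com',
            ])
            ->addDirective(Directive::FRAME, [
                'www.youtube.com',
                '*.brentwood.ca',
                'my.matterport.com',
                'brentwood.myschoolapp.com',
                'www.googletagmanager.com',
                'td.doubleclick.net',
                'www.instagram.com',
                'www.facebook.com',
            ])
            ->addDirective(Directive::IMG, [
                'www.google.com',
                'www.google.ca',
                'www.googletagmanager.com',
                '*.googleusercontent.com',
                '*.ytimg.com',
                '*.fbcdn.net',
                '*.cdninstagram.com',
            ])
            ->addDirective(Directive::WORKER, [
                "'self'",
                'blob:',
            ])
            ->addDirective(Directive::STYLE, [
                "'self'",
                "'unsafe-inline'",
                'https://www.instagram.com',
            ])
            ->addDirective(Directive::CONNECT, [
                'www.google-analytics.com',
                'https://analytics.google.com',
                'https://www.google.com',
                'https://pagead2.googlesyndication.com',
                'https://googleads.g.doubleclick.net',
                // NOTE(review): still read via env() because no config key for this host
                // is visible in this file. With cached configuration it yields a bare
                // 'wss://' entry; expose the host through a config file.
                'wss://' . env('VITE_PUSHER_HOST'),
            ]);

        // Relax form-action only for accounts whose email DOMAIN is brentwood.ca or a
        // subdomain of it. A plain substring test would also accept addresses such as
        // "brentwood.ca@other.example" or "user@brentwood.ca.other.example", and would
        // be handed null for guests.
        // NOTE(review): this trusts the stored address; confirm emails are verified.
        $email = Str::lower((string) auth()->user()?->email);
        $domain = Str::contains($email, '@') ? Str::afterLast($email, '@') : '';

        if ($domain === 'brentwood.ca' || Str::endsWith($domain, '.brentwood.ca')) {
            $this->addDirective(Directive::FORM_ACTION, [
                '*.ebsco.com',
                '*.ebscohost.com',
                '*.ebsco.zone',
                'brentwoodcollege.okta.com',
            ]);
        }

        if (config('app.debug')) {
            // Local Vite dev server (assets and hot-reload websocket).
            $this->addDirective(Directive::SCRIPT, '127.0.0.1');
            $this->addDirective(Directive::FONT, 'http://127.0.0.1:5173');
            $this->addDirective(Directive::CONNECT, 'ws://127.0.0.1:5173');

            // Report-only: violations are reported but nothing is blocked. A debug flag
            // left enabled on a public deployment therefore switches enforcement off.
            $this->reportOnly();
        }
    }
}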

