Merge pull request #851 from weni-ai/nexus-1186-aws-in-CSP

[Nexus-1186] Adds Amazon S3 in Content Security Policy

nginx.conf

@@ -29,8 +29,8 @@ http {
     set $CSP_SCRIPT "script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com  www.googletagmanager.com storage.googleapis.com";
     set $CSP_STYLE "style-src 'self' 'unsafe-hashes' 'unsafe-inline' fonts.googleapis.com";
     set $CSP_FONT "font-src 'self' fonts.gstatic.com";
-    set $CSP_IMAGE "img-src 'self' data: www.google.com.br www.googletagmanager.com";
-    set $CSP_CHILD "child-src 'self' *.weni.ai m.stripe.network js.stripe.com";
+    set $CSP_IMAGE "img-src 'self' data: www.google.com.br www.googletagmanager.com *.amazonaws.com";
+    set $CSP_CHILD "child-src 'self' *.weni.ai m.stripe.network js.stripe.com *.amazonaws.com";
     set $CSP_CONNECT "connect-src 'self' *.weni.ai www.google-analytics.com analytics.google.com";
 
     add_header Content-Security-Policy "${CSP_DEFAULT}; ${CSP_SCRIPT}; ${CSP_STYLE}; ${CSP_FONT}; ${CSP_IMAGE}; ${CSP_CHILD}; ${CSP_CONNECT};";