[x/go.dev] update CSP with generated

Change-Id: Ide640349d91fbf09c123a9f51c10a02557ff263e

X-GoDev-Commit: 50fe7ebfc1385a6b16ffe8b6040dc0879494640e

3 files changed, 9 insertions, 9 deletions

diff --git a/go.dev/app.staging.yaml b/go.dev/app.staging.yaml
index b0ba090a..9de2c7bd 100644
--- a/go.dev/app.staging.yaml
+++ b/go.dev/app.staging.yaml
@@ -8,7 +8,7 @@ handlers:
     upload: public/index.html
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   - url: /(explore|learn)
     secure: always
@@ -26,7 +26,7 @@ handlers:
     upload: public/(.*)
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   # Handle arbitrary paths with an index.html, special casing the trailing slash.
   - url: /(.*)/
@@ -34,7 +34,7 @@ handlers:
     upload: public/(.*)/index.html
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   # Handle arbitrary paths with an index.html
   - url: /(.*)
@@ -42,7 +42,7 @@ handlers:
     upload: public/(.*)/index.html
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   - url: /.*
     secure: always
diff --git a/go.dev/app.yaml b/go.dev/app.yaml
index 159cd094..fc6b1b51 100644
--- a/go.dev/app.yaml
+++ b/go.dev/app.yaml
@@ -8,7 +8,7 @@ handlers:
     upload: public/index.html
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   - url: /(explore|learn)
     secure: always
@@ -26,7 +26,7 @@ handlers:
     upload: public/(.*)
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   # Handle arbitrary paths with an index.html, special casing the trailing slash.
   - url: /(.*)/
@@ -34,7 +34,7 @@ handlers:
     upload: public/(.*)/index.html
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   # Handle arbitrary paths with an index.html
   - url: /(.*)
@@ -42,7 +42,7 @@ handlers:
     upload: public/(.*)/index.html
     http_headers:
       # Please use cmd/gencsp to generate this.
-      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
+      Content-Security-Policy: "connect-src https://golang.org www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'none'; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com data: *; object-src 'none'; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com tagmanager.google.com;"
 
   - url: /.*
     secure: always
diff --git a/go.dev/cmd/gencsp/main.go b/go.dev/cmd/gencsp/main.go
index 6fe3e963..cd167f2d 100644
--- a/go.dev/cmd/gencsp/main.go
+++ b/go.dev/cmd/gencsp/main.go
@@ -33,7 +33,7 @@ var csp = map[string][]string{
 	"connect-src": {
 		"https://golang.org",
 		"www.google-analytics.com",
-		"https://stats.g.doubleclick.net/",
+		"stats.g.doubleclick.net",
 	},
 	"default-src": {
 		self,