0-wiz-0
diff --git a/‎content/developers/apps/scopes-for-oauth-apps.md
+2-2 b/‎content/developers/apps/scopes-for-oauth-apps.md
+2-2
diff --git a/‎lib/warm-server.js
+2-2 b/‎lib/warm-server.js
+2-2
diff --git a/‎middleware/contextualizers/graphql.js
+6-3 b/‎middleware/contextualizers/graphql.js
+6-3
diff --git a/‎middleware/contextualizers/webhooks.js
+7-3 b/‎middleware/contextualizers/webhooks.js
+7-3
diff --git a/‎middleware/csp.js
+3-1 b/‎middleware/csp.js
+3-1
@@ -46,8 +46,8 @@ Name | Description
 &emsp;`repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.
 &emsp;`public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.
 &emsp;`repo:invite` | Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites *without* granting access to the code.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "[email protected]" %}
-&emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning).{% endif %}{% if currentVersion ver_gt "[email protected]" and currentVersion ver_lt "[email protected]" %}
-&emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning).{% endif %}
+&emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning) <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning) <br/> This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}{% if currentVersion ver_gt "[email protected]" and currentVersion ver_lt "[email protected]" %}
+&emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}
 **`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in public and private repositories. The `repo` and `public_repo` scopes grants full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
 &emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in public or private repositories.
 &emsp;`read:repo_hook`| Grants read and ping access to hooks in public or private repositories.
 
@@ -7,8 +7,8 @@ const loadSiteTree = require('./site-tree')
 // Instrument these functions so that
 // it's wrapped in a timer that reports to Datadog
 const dog = {
-  loadPages: statsd.timer(loadPages, 'load_pages'),
-  loadPageMap: statsd.timer(loadPageMap, 'load_page_map'),
+  loadPages: statsd.asyncTimer(loadPages, 'load_pages'),
+  loadPageMap: statsd.asyncTimer(loadPageMap, 'load_page_map'),
   loadRedirects: statsd.timer(loadRedirects, 'load_redirects'),
   loadSiteData: statsd.timer(loadSiteData, 'load_site_data'),
   loadSiteTree: statsd.asyncTimer(loadSiteTree, 'load_site_tree')
 
@@ -9,14 +9,17 @@ const explorerUrl = process.env.NODE_ENV === 'production'
   : 'http://localhost:3000'
 
 module.exports = async (req, res, next) => {
+  const currentVersionObj = allVersions[req.context.currentVersion]
   // ignore requests to non-GraphQL reference paths
-  if (!req.path.includes('/graphql/')) return next()
-
+  // and to versions that don't exist
+  if (!req.path.includes('/graphql/') || !currentVersionObj) {
+    return next()
+  }
   // Get the relevant name of the GraphQL schema files for the current version
   // For example, free-pro-team@latest corresponds to dotcom,
   // [email protected] corresponds to ghes-2.22,
   // and github-ae@latest corresponds to ghae
-  const graphqlVersion = allVersions[req.context.currentVersion].miscVersionName
+  const graphqlVersion = currentVersionObj.miscVersionName
 
   req.context.graphql = {
     schemaForCurrentVersion: require(`../../lib/graphql/static/schema-${graphqlVersion}`),
 
@@ -5,14 +5,18 @@ const nonEnterpriseDefaultVersion = require('../../lib/non-enterprise-default-ve
 const allVersions = require('../../lib/all-versions')
 
 module.exports = async (req, res, next) => {
-  if (!req.path.includes('webhook')) return next()
+  const currentVersionObj = allVersions[req.context.currentVersion]
+  // ignore requests to non-webhook reference paths
+  // and to versions that don't exist
+  if (!req.path.includes('webhook') || !currentVersionObj) {
+    return next()
+  }
 
   // Get the name of the dir under lib/webhooks/static
   // For example, free-pro-team@latest corresponds to dotcom,
   // [email protected] corresponds to ghes-2.22,
   // and github-ae@latest corresponds to ghae
-  if (!allVersions[req.context.currentVersion]) return next()
-  const webhookPayloadDir = allVersions[req.context.currentVersion].miscVersionName
+  const webhookPayloadDir = currentVersionObj.miscVersionName
 
   const webhookPayloadsForCurrentVersion = webhookPayloads[webhookPayloadDir]
 
 
@@ -56,7 +56,9 @@ module.exports = async (req, res, next) => {
 
   // Exception for Algolia instantsearch in deprecated Enterprise docs (Node.js era)
   if (versionSatisfiesRange(requestedVersion, '<=2.19') && versionSatisfiesRange(requestedVersion, '>2.12')) {
-    csp.directives.scriptSrc.push("'unsafe-eval'")
+    csp.directives.scriptSrc.push("'unsafe-eval'", "'unsafe-inline'", 'http://www.google-analytics.com', 'https://ssl.google-analytics.com')
+    csp.directives.connectSrc.push('https://www.google-analytics.com')
+    csp.directives.imgSrc.push('http://www.google-analytics.com', 'https://ssl.google-analytics.com')
   }
 
   // Exception for search in deprecated Enterprise docs <=2.12 (static site era)
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,9 @@ module.exports = async (req, res, next) => {`
`56`	`56`
`57`	`57`	`// Exception for Algolia instantsearch in deprecated Enterprise docs (Node.js era)`
`58`	`58`	`if (versionSatisfiesRange(requestedVersion, '<=2.19') && versionSatisfiesRange(requestedVersion, '>2.12')) {`
`59`		`- csp.directives.scriptSrc.push("'unsafe-eval'")`
	`59`	`+ csp.directives.scriptSrc.push("'unsafe-eval'", "'unsafe-inline'", 'http://www.google-analytics.com', 'https://ssl.google-analytics.com')`
	`60`	`+ csp.directives.connectSrc.push('https://www.google-analytics.com')`
	`61`	`+ csp.directives.imgSrc.push('http://www.google-analytics.com', 'https://ssl.google-analytics.com')`
`60`	`62`	`}`
`61`	`63`
`62`	`64`	`// Exception for search in deprecated Enterprise docs <=2.12 (static site era)`