From eb7b677feff96c438295ba39cf21bf848294076a Mon Sep 17 00:00:00 2001 From: Zineb El Bachiri <100568984+gozineb@users.noreply.github.com> Date: Wed, 6 Sep 2023 11:40:07 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=20add=20growthbook=20to=20csp=20he?= =?UTF-8?q?aders=20(#1117)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- frontend/next.config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/next.config.js b/frontend/next.config.js index 44c5b8b596d6..c61a8c1cfd6d 100644 --- a/frontend/next.config.js +++ b/frontend/next.config.js @@ -16,7 +16,7 @@ const nextConfig = { const ContentSecurityPolicy = ` default-src 'self' https://fonts.googleapis.com ${process.env.NEXT_PUBLIC_SUPABASE_URL} https://api.june.so https://www.quivr.app/; - connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so https://api.openai.com; + connect-src 'self' ${process.env.NEXT_PUBLIC_SUPABASE_URL} ${process.env.NEXT_PUBLIC_BACKEND_URL} https://api.june.so https://api.openai.com https://cdn.growthbook.io; img-src 'self' data:; media-src 'self' https://user-images.githubusercontent.com; script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/;