Merge branch 'main' into fix-csp-and-posthog-init

2025-12-10 04:22:18 +00:00 · 2025-01-11 09:35:34 +05:30
parent 16ed9c037c b342640104
commit 14882a59c2
9 changed files with 283 additions and 6 deletions
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -40,7 +40,7 @@ const securityheaders: Handle = async ({ event, resolve }) => {

    const cspDirectives = [
        "default-src 'self'",
-        "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
+        "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.posthog.com",
        "style-src 'self' 'unsafe-inline'",
        "img-src 'self' data: https:",
        "font-src 'self'",
@@ -50,7 +50,7 @@ const securityheaders: Handle = async ({ event, resolve }) => {
        "frame-ancestors 'self' https://www.youtube.com https://*.vimeo.com",
        'block-all-mixed-content',
        'upgrade-insecure-requests',
-        "connect-src 'self' https://*.appwrite.io", // example: cloud, growth, etc.
+        "connect-src 'self' https://*.appwrite.io https://*.posthog.com",
        "frame-src 'self' https://www.youtube.com https://status.appwrite.online https://www.youtube-nocookie.com https://player.vimeo.com"
    ];