fix: allow Ackee domain in CSP connect-src

author: Armand Philippot <git@armandphilippot.com> 2022-02-22 16:58:22 +0100
committer: Armand Philippot <git@armandphilippot.com> 2022-02-22 16:58:22 +0100
commit: 629483ef7415a00bebfcfc44574e54dcc1283eef (patch)
tree: 1bca398e793d694bb32ac81d30020d32d002a581 /next.config.js
parent: 15178f18b83d96073060d44e114a707919028546 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/next.config.js b/next.config.js
index c324bb6..d85d5ec 100644
--- a/next.config.js
+++ b/next.config.js
@@ -7,7 +7,7 @@ const ackeeDomain = process.env.NEXT_PUBLIC_ACKEE_DOMAIN;
 const contentSecurityPolicy = `
   default-src 'self' ${backendDomain};
   child-src 'self' *.${frontendDomain.replace('www.', '')};
-  connect-src 'self' ${backendDomain} api.github.com;
+  connect-src 'self' ${backendDomain} ${ackeeDomain} api.github.com;
   font-src 'self';
   frame-src 'self';
   img-src 'self' ${backendDomain} secure.gravatar.com data:;
@@ -19,7 +19,7 @@ const contentSecurityPolicy = `
 const contentSecurityPolicyDev = `
   default-src 'self' ${backendDomain};
   child-src 'self' *.${frontendDomain.replace('www.', '')};
-  connect-src 'self' ${backendDomain} api.github.com;
+  connect-src 'self' ${backendDomain} ${ackeeDomain} api.github.com;
   font-src 'self';
   frame-src 'self';
   img-src 'self' ${backendDomain} secure.gravatar.com data:;
author	Armand Philippot <git@armandphilippot.com>	2022-02-22 16:58:22 +0100
committer	Armand Philippot <git@armandphilippot.com>	2022-02-22 16:58:22 +0100
commit	629483ef7415a00bebfcfc44574e54dcc1283eef (patch)
tree	1bca398e793d694bb32ac81d30020d32d002a581 /next.config.js
parent	15178f18b83d96073060d44e114a707919028546 (diff)