From 629483ef7415a00bebfcfc44574e54dcc1283eef Mon Sep 17 00:00:00 2001
From: Armand Philippot <git@armandphilippot.com>
Date: Tue, 22 Feb 2022 16:58:22 +0100
Subject: fix: allow Ackee domain in CSP connect-src

---
 next.config.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/next.config.js b/next.config.js
index c324bb6..d85d5ec 100644
--- a/next.config.js
+++ b/next.config.js
@@ -7,7 +7,7 @@ const ackeeDomain = process.env.NEXT_PUBLIC_ACKEE_DOMAIN;
 const contentSecurityPolicy = `
   default-src 'self' ${backendDomain};
   child-src 'self' *.${frontendDomain.replace('www.', '')};
-  connect-src 'self' ${backendDomain} api.github.com;
+  connect-src 'self' ${backendDomain} ${ackeeDomain} api.github.com;
   font-src 'self';
   frame-src 'self';
   img-src 'self' ${backendDomain} secure.gravatar.com data:;
@@ -19,7 +19,7 @@ const contentSecurityPolicy = `
 const contentSecurityPolicyDev = `
   default-src 'self' ${backendDomain};
   child-src 'self' *.${frontendDomain.replace('www.', '')};
-  connect-src 'self' ${backendDomain} api.github.com;
+  connect-src 'self' ${backendDomain} ${ackeeDomain} api.github.com;
   font-src 'self';
   frame-src 'self';
   img-src 'self' ${backendDomain} secure.gravatar.com data:;
-- 
cgit v1.2.3