From 087784210765fab775660e7160ce3e54647aa8ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=B6rdle=20Bot?= <bot@hoerdle.local>
Date: Tue, 25 Nov 2025 22:34:32 +0100
Subject: [PATCH] feat: add plausible.elpatron.me to CSP script-src and
 connect-src directives.

---
 middleware.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/middleware.ts b/middleware.ts
index cb704ee..18047ac 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -25,11 +25,11 @@ export function middleware(request: NextRequest) {
     // Content Security Policy
     const csp = [
         "default-src 'self'",
-        "script-src 'self' 'unsafe-inline' 'unsafe-eval'", // Next.js requires unsafe-inline/eval
+        "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.elpatron.me", // Next.js requires unsafe-inline/eval
         "style-src 'self' 'unsafe-inline'", // Allow inline styles
         "img-src 'self' data: blob:",
         "font-src 'self' data:",
-        "connect-src 'self' https://openrouter.ai https://gotify.example.com",
+        "connect-src 'self' https://openrouter.ai https://gotify.example.com https://plausible.elpatron.me",
         "media-src 'self' blob:",
         "frame-ancestors 'self'",
     ].join('; ');