feat: add plausible.elpatron.me to CSP script-src and connect-src directives.

2025-11-25 22:34:32 +01:00
parent a5cbbffc20
commit 0877842107
1 changed files with 2 additions and 2 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -25,11 +25,11 @@ export function middleware(request: NextRequest) {
    // Content Security Policy
    const csp = [
        "default-src 'self'",
-        "script-src 'self' 'unsafe-inline' 'unsafe-eval'", // Next.js requires unsafe-inline/eval
+        "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.elpatron.me", // Next.js requires unsafe-inline/eval
        "style-src 'self' 'unsafe-inline'", // Allow inline styles
        "img-src 'self' data: blob:",
        "font-src 'self' data:",
-        "connect-src 'self' https://openrouter.ai https://gotify.example.com",
+        "connect-src 'self' https://openrouter.ai https://gotify.example.com https://plausible.elpatron.me",
        "media-src 'self' blob:",
        "frame-ancestors 'self'",
    ].join('; ');