fix: csp (#2016)

added preview env

# Description

Please include a summary of the changes and the related issue. Please
also include relevant motivation and context.

## Checklist before requesting a review

Please delete options that are not relevant.

- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my code
- [ ] I have commented hard-to-understand areas
- [ ] I have ideally added tests that prove my fix is effective or that
my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged

## Screenshots (if appropriate):

backend/chat_service.py

@@ -1,42 +0,0 @@
-from packages.utils.handle_request_validation_error import (
-    handle_request_validation_error,
-)
-
-if __name__ == "__main__":
-    # import needed here when running main.py to debug backend
-    # you will need to run pip install python-dotenv
-    from dotenv import load_dotenv  # type: ignore
-
-    load_dotenv()
-from fastapi import FastAPI, HTTPException
-from fastapi.responses import JSONResponse
-from logger import get_logger
-from middlewares.cors import add_cors_middleware
-from modules.chat.controller import chat_router
-from modules.misc.controller import misc_router
-
-logger = get_logger(__name__)
-
-app = FastAPI()
-
-add_cors_middleware(app)
-
-app.include_router(chat_router)
-app.include_router(misc_router)
-
-
-@app.exception_handler(HTTPException)
-async def http_exception_handler(_, exc):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.detail},
-    )
-
-
-handle_request_validation_error(app)
-
-if __name__ == "__main__":
-    # run main.py to debug backend
-    import uvicorn
-
-    uvicorn.run(app, host="0.0.0.0", port=5050)

backend/crawl_service.py

@@ -1,40 +0,0 @@
-from packages.utils import handle_request_validation_error
-
-if __name__ == "__main__":
-    # import needed here when running main.py to debug backend
-    # you will need to run pip install python-dotenv
-    from dotenv import load_dotenv  # type: ignore
-
-    load_dotenv()
-from fastapi import FastAPI, HTTPException
-from fastapi.responses import JSONResponse
-from logger import get_logger
-from middlewares.cors import add_cors_middleware
-from modules.misc.controller import misc_router
-from routes.crawl_routes import crawl_router
-
-logger = get_logger(__name__)
-app = FastAPI()
-
-add_cors_middleware(app)
-
-
-app.include_router(crawl_router)
-app.include_router(misc_router)
-
-
-@app.exception_handler(HTTPException)
-async def http_exception_handler(_, exc):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.detail},
-    )
-
-
-handle_request_validation_error(app)
-
-if __name__ == "__main__":
-    # run main.py to debug backend
-    import uvicorn
-
-    uvicorn.run(app, host="0.0.0.0", port=5050)

backend/upload_service.py

@@ -1,50 +0,0 @@
-import os
-
-from packages.utils import handle_request_validation_error
-
-if __name__ == "__main__":
-    # import needed here when running main.py to debug backend
-    # you will need to run pip install python-dotenv
-    from dotenv import load_dotenv  # type: ignore
-
-    load_dotenv()
-import pypandoc
-from fastapi import FastAPI, HTTPException
-from fastapi.responses import JSONResponse
-from logger import get_logger
-from middlewares.cors import add_cors_middleware
-from modules.misc.controller import misc_router
-from modules.upload.controller import upload_router
-
-logger = get_logger(__name__)
-app = FastAPI()
-
-
-@app.on_event("startup")
-async def startup_event():
-    if not os.path.exists(pypandoc.get_pandoc_path()):
-        pypandoc.download_pandoc()
-
-
-add_cors_middleware(app)
-
-
-app.include_router(upload_router)
-app.include_router(misc_router)
-
-
-@app.exception_handler(HTTPException)
-async def http_exception_handler(_, exc):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.detail},
-    )
-
-
-handle_request_validation_error(app)
-
-if __name__ == "__main__":
-    # run main.py to debug backend
-    import uvicorn
-
-    uvicorn.run(app, host="0.0.0.0", port=5050)

frontend/next.config.js

@@ -37,6 +37,8 @@ const ContentSecurityPolicy = {
     process.env.NEXT_PUBLIC_SUPABASE_URL,
     "https://api.june.so",
     "https://us.posthog.com",
+    "https://preview.quivr.app",
+    "https://*.vercel.app",
     process.env.NEXT_PUBLIC_FRONTEND_URL,
   ],
   "connect-src": [
@@ -48,7 +50,7 @@ const ContentSecurityPolicy = {
     "https://api.openai.com",
     "https://cdn.growthbook.io",
     "https://vitals.vercel-insights.com/v1/vitals",
-    "https://us.posthog.com"
+    "https://us.posthog.com",
   ],
   "img-src": [
     "'self'",
@@ -62,21 +64,28 @@ const ContentSecurityPolicy = {
     "https://user-images.githubusercontent.com",
     process.env.NEXT_PUBLIC_FRONTEND_URL,
     "https://quivr-cms.s3.eu-west-3.amazonaws.com",
+    "https://preview.quivr.app",
+    "https://*.vercel.app",
   ],
   "script-src": [
     "'unsafe-inline'",
     "'unsafe-eval'",
     "https://va.vercel-scripts.com/",
     process.env.NEXT_PUBLIC_FRONTEND_URL,
+    "https://preview.quivr.app",
+    "https://*.vercel.app",
     "https://www.google-analytics.com/",
     "https://js.stripe.com",
-    "https://us.posthog.com"
+    "https://us.posthog.com",
-  ],
-  "frame-src": ["https://js.stripe.com",
-    "https://us.posthog.com"
   ],
+  "frame-src": ["https://js.stripe.com", "https://us.posthog.com"],
   "frame-ancestors": ["'none'"],
-  "style-src": ["'unsafe-inline'", process.env.NEXT_PUBLIC_FRONTEND_URL],
+  "style-src": [
+    "'unsafe-inline'",
+    process.env.NEXT_PUBLIC_FRONTEND_URL,
+    "https://preview.quivr.app",
+    "https://*.vercel.app",
+  ],
 };
 
 // Build CSP string