From 1b506bce79005178612103b98f0a10982ea023d9 Mon Sep 17 00:00:00 2001
From: Kiril Videlov <kiril@videlov.com>
Date: Wed, 20 Mar 2024 18:15:30 +0100
Subject: [PATCH] feat(security): Add OpenAI API endpoint to CSP

---
 gitbutler-app/tauri.conf.nightly.json | 2 +-
 gitbutler-app/tauri.conf.release.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gitbutler-app/tauri.conf.nightly.json b/gitbutler-app/tauri.conf.nightly.json
index 5f8b40e2f..69ac7ee0d 100644
--- a/gitbutler-app/tauri.conf.nightly.json
+++ b/gitbutler-app/tauri.conf.nightly.json
@@ -24,7 +24,7 @@
 			"csp": {
 				"default-src": "'self'",
 				"img-src": "'self' asset: https://asset.localhost data: tauri://localhost https://avatars.githubusercontent.com https://*.gitbutler.com  https://gitbutler-public.s3.amazonaws.com https://*.gravatar.com",
-				"connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com",
+				"connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com https://api.openai.com",
 				"script-src": "'self' https://eu.posthog.com https://eu.i.posthog.com",
 				"style-src": "'self' 'unsafe-inline'"
 			}
diff --git a/gitbutler-app/tauri.conf.release.json b/gitbutler-app/tauri.conf.release.json
index aa91d2665..0609a367c 100644
--- a/gitbutler-app/tauri.conf.release.json
+++ b/gitbutler-app/tauri.conf.release.json
@@ -24,7 +24,7 @@
 			"csp": {
 				"default-src": "'self'",
 				"img-src": "'self' asset: https://asset.localhost data: tauri://localhost https://avatars.githubusercontent.com https://*.gitbutler.com  https://gitbutler-public.s3.amazonaws.com https://*.gravatar.com",
-				"connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com",
+				"connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com https://api.openai.com",
 				"script-src": "'self' https://eu.posthog.com https://eu.i.posthog.com",
 				"style-src": "'self' 'unsafe-inline'"
 			}