Merge pull request #3250 from gitbutlerapp/add-connect-src-to-openai-api

feat(security): Add OpenAI API endpoint to CSP
This commit is contained in:
Kiril Videlov 2024-03-20 18:32:17 +01:00 committed by GitHub
commit 7fbdfae1c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions

View File

@ -24,7 +24,7 @@
"csp": { "csp": {
"default-src": "'self'", "default-src": "'self'",
"img-src": "'self' asset: https://asset.localhost data: tauri://localhost https://avatars.githubusercontent.com https://*.gitbutler.com https://gitbutler-public.s3.amazonaws.com https://*.gravatar.com", "img-src": "'self' asset: https://asset.localhost data: tauri://localhost https://avatars.githubusercontent.com https://*.gitbutler.com https://gitbutler-public.s3.amazonaws.com https://*.gravatar.com",
"connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com", "connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com https://api.openai.com",
"script-src": "'self' https://eu.posthog.com https://eu.i.posthog.com", "script-src": "'self' https://eu.posthog.com https://eu.i.posthog.com",
"style-src": "'self' 'unsafe-inline'" "style-src": "'self' 'unsafe-inline'"
} }

View File

@ -24,7 +24,7 @@
"csp": { "csp": {
"default-src": "'self'", "default-src": "'self'",
"img-src": "'self' asset: https://asset.localhost data: tauri://localhost https://avatars.githubusercontent.com https://*.gitbutler.com https://gitbutler-public.s3.amazonaws.com https://*.gravatar.com", "img-src": "'self' asset: https://asset.localhost data: tauri://localhost https://avatars.githubusercontent.com https://*.gitbutler.com https://gitbutler-public.s3.amazonaws.com https://*.gravatar.com",
"connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com", "connect-src": "'self' https://eu.posthog.com https://eu.i.posthog.com https://app.gitbutler.com https://o4504644069687296.ingest.sentry.io ws://localhost:7703 https://github.com https://api.github.com https://api.openai.com",
"script-src": "'self' https://eu.posthog.com https://eu.i.posthog.com", "script-src": "'self' https://eu.posthog.com https://eu.i.posthog.com",
"style-src": "'self' 'unsafe-inline'" "style-src": "'self' 'unsafe-inline'"
} }