From 822e05a13632bcd8445c9a120cddd2078185ca5f Mon Sep 17 00:00:00 2001
From: Arjun Komath <arjun@hey.com>
Date: Fri, 3 Jan 2025 22:58:36 +1100
Subject: [PATCH] Fix CSP config

---
 apps/page/next.config.js | 4 ++--
 apps/web/next.config.js  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/page/next.config.js b/apps/page/next.config.js
index 3fb23c8..94271f9 100644
--- a/apps/page/next.config.js
+++ b/apps/page/next.config.js
@@ -2,10 +2,10 @@ const withBundleAnalyzer = require("@next/bundle-analyzer")({});
 
 const ContentSecurityPolicy = `
   script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *;
-  style-src 'self' data: 'unsafe-inline' cdn.zapier.com;
+  style-src 'self' data: 'unsafe-inline';
   img-src 'self' * data:;
   font-src 'self';
-  connect-src 'self' wss: *.supabase.co *.changes.page *.intercom.io *.sentry.io vercel.live;
+  connect-src 'self' wss: *.supabase.co *.changes.page *.intercom.io *.sentry.io vercel.live *.zapier.com;
   report-to default
 `;
 
diff --git a/apps/web/next.config.js b/apps/web/next.config.js
index bdfd0aa..f8d9b2d 100644
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@@ -1,11 +1,11 @@
 const withBundleAnalyzer = require("@next/bundle-analyzer")({});
 
 const ContentSecurityPolicy = `
-  script-src 'self' 'unsafe-eval' 'unsafe-inline' *;
+  script-src 'self' 'unsafe-eval' 'unsafe-inline' *  cdn.zapier.com;
   style-src 'self' data: 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net;
   img-src 'self' * data: blob:;
   font-src 'self' data: maxcdn.bootstrapcdn.com cdn.jsdelivr.net;
-  connect-src 'self' wss: *.supabase.co *.changes.page manageprompt.com;
+  connect-src 'self' wss: *.supabase.co *.changes.page manageprompt.com *.zapier.com;
   worker-src 'self' blob:;
   report-to default
 `;