diff --git a/packages/bruno-electron/src/index.js b/packages/bruno-electron/src/index.js
index 0cb75645d..522df6c68 100644
--- a/packages/bruno-electron/src/index.js
+++ b/packages/bruno-electron/src/index.js
@@ -30,8 +30,7 @@ const lastOpenedCollections = new LastOpenedCollections();
 // Reference: https://content-security-policy.com/
 const contentSecurityPolicy = [
   "default-src 'self'",
-  "script-src * 'unsafe-inline' 'unsafe-eval'",
-  "connect-src * 'unsafe-inline'",
+  "connect-src 'self' https://*.posthog.com",
   "font-src 'self' https:",
   "frame-src data:",
   // this has been commented out to make oauth2 work