From c997924c42d47b7473475b2a4e6d1a3403ee7530 Mon Sep 17 00:00:00 2001
From: ramki-bruno
Date: Wed, 12 Feb 2025 20:48:19 +0530
Subject: [PATCH] Strengthen CSP
---
 packages/bruno-electron/src/index.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/packages/bruno-electron/src/index.js b/packages/bruno-electron/src/index.js
index 0cb75645d..522df6c68 100644
--- a/packages/bruno-electron/src/index.js
+++ b/packages/bruno-electron/src/index.js
@@ -30,8 +30,7 @@ const lastOpenedCollections = new LastOpenedCollections();
 // Reference: https://content-security-policy.com/
 const contentSecurityPolicy = [
 "default-src 'self'",
- "script-src * 'unsafe-inline' 'unsafe-eval'",
- "connect-src * 'unsafe-inline'",
+ "connect-src 'self' https://*.posthog.com",
 "font-src 'self' https:",
 "frame-src data:",
 // this has been commented out to make oauth2 work
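Review bot: With the `script-src` entry removed, script execution in the renderer is governed only by the `default-src 'self'` fallback, so a later loosening of `default-src` would silently loosen scripts as well; keeping an explicit `"script-src 'self'",` line pins that directive independently. The new `connect-src` entry allows every `*.posthog.com` subdomain and carries no comment saying why; if the telemetry client only talks to one ingestion host, list that host, and add a comment such as `// PostHog telemetry is the only remote origin the renderer may call`. The `contentSecurityPolicy` array continues past the end of the hunk, so directives that do not inherit from `default-src` (`base-uri`, `form-action`) cannot be checked from here.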