Strengthen CSP

packages/bruno-electron/src/index.js

@@ -30,8 +30,7 @@ const lastOpenedCollections = new LastOpenedCollections();
 // Reference: https://content-security-policy.com/
 const contentSecurityPolicy = [
   "default-src 'self'",
-  "script-src * 'unsafe-inline' 'unsafe-eval'",
-  "connect-src * 'unsafe-inline'",
+  "connect-src 'self' https://*.posthog.com",
   "font-src 'self' https:",
   // this has been commented out to make oauth2 work
   // "form-action 'none'",