From f53afb5a6b5d1b8149a2388be996c64a08eead71 Mon Sep 17 00:00:00 2001
From: ramki-bruno
Date: Wed, 12 Feb 2025 20:48:19 +0530
Subject: [PATCH] Strengthen CSP
---
 packages/bruno-electron/src/index.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/packages/bruno-electron/src/index.js b/packages/bruno-electron/src/index.js
index 4b6494b2f..c0999f2a9 100644
--- a/packages/bruno-electron/src/index.js
+++ b/packages/bruno-electron/src/index.js
@@ -30,8 +30,7 @@ const lastOpenedCollections = new LastOpenedCollections();
 // Reference: https://content-security-policy.com/
 const contentSecurityPolicy = [
 "default-src 'self'",
- "script-src * 'unsafe-inline' 'unsafe-eval'",
- "connect-src * 'unsafe-inline'",
+ "connect-src 'self' https://*.posthog.com",
 "font-src 'self' https:",
 // this has been commented out to make oauth2 work
 // "form-action 'none'",
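Review bot: The added `connect-src 'self' https://*.posthog.com` entry still lets the renderer send data to every PostHog subdomain, and because that is a shared multi-tenant service the wildcard is wider than the app's own analytics presumably needs; pinning it to the single ingestion host the app is configured with, e.g. `"connect-src 'self' https://INGEST_HOST_PLACEHOLDER",`, would close most of the remaining egress. Removing the `script-src` line makes scripts fall back to `default-src 'self'`, which is the tightening the commit wants but is now implicit; an explicit `"script-src 'self'",` with a comment such as `// no 'unsafe-inline' / 'unsafe-eval': renderer scripts must be bundled files` would keep a later edit to `default-src` from silently loosening it. Any renderer code that relied on inline scripts or `eval` would now be blocked, so that is worth confirming before release. The `contentSecurityPolicy` array continues past the end of the hunk, so the remaining directives are not covered by this note.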