From ac4cb049cb0da18727a0adec03259d96c54fcbb9 Mon Sep 17 00:00:00 2001
From: Jesse Winton <jesse@appwrite.io>
Date: Fri, 10 Jan 2025 13:19:41 -0500
Subject: [PATCH] update posthog csp

---
 src/hooks.server.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 03d6ca088f..9e2318e77e 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -40,7 +40,7 @@ const securityheaders: Handle = async ({ event, resolve }) => {
 
     const cspDirectives = [
         "default-src 'self'",
-        "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
+        "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.posthog.com",
         "style-src 'self' 'unsafe-inline'",
         "img-src 'self' data: https:",
         "font-src 'self'",
@@ -50,7 +50,7 @@ const securityheaders: Handle = async ({ event, resolve }) => {
         "frame-ancestors 'self' https://www.youtube.com https://*.vimeo.com",
         'block-all-mixed-content',
         'upgrade-insecure-requests',
-        "connect-src 'self' https://cloud.appwrite.io",
+        "connect-src 'self' https://cloud.appwrite.io https://*.posthog.com",
         "frame-src 'self' https://www.youtube.com https://status.appwrite.online https://www.youtube-nocookie.com https://player.vimeo.com"
     ];