fix: add favicon domains to connect-src for service worker compatibility

The PWA service worker (workbox) fetches images via the Fetch API, which is governed by connect-src, not img-src. Add www.google.com, *.gstatic.com, and ciphera.net to connect-src so favicon and app icon fetches succeed.
2026-03-01 15:44:10 +01:00
parent c9123832a5
commit fba1fd99c2
1 changed files with 1 additions and 1 deletions
--- a/next.config.ts
+++ b/next.config.ts
@@ -14,7 +14,7 @@ const cspDirectives = [
  "style-src 'self' 'unsafe-inline'",
  "img-src 'self' data: blob: https://www.google.com https://*.gstatic.com https://ciphera.net",
  "font-src 'self'",
-  `connect-src 'self' https://*.ciphera.net https://cdn.jsdelivr.net${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
+  `connect-src 'self' https://*.ciphera.net https://ciphera.net https://www.google.com https://*.gstatic.com https://cdn.jsdelivr.net${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
  "worker-src 'self'",
  "frame-src 'none'",
  "object-src 'none'",