GH-54 fix(CSP): allow connecting to Sanity API endpoint

ciampo · Jul 6, 2020 · 9152bda · 9152bda
1 parent 8a9763f
commit 9152bda
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/scripts/add-netlify-config.js b/scripts/add-netlify-config.js
@@ -31,7 +31,7 @@ ${routesConfig
     // Allow script coming from same origin, inline and Google / Google Analytics (incl. recaptcha)
     `script-src 'self' 'unsafe-inline' https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com https://recaptcha.net`,
     // Allow XHR to same origin and Google Analytics
-    `connect-src 'self' https://www.google-analytics.com`,
+    `connect-src 'self' https://www.google-analytics.com https://*.api.sanity.io`,
     // Allow webmanifest files from same origin
     `manifest-src 'self'`,
     // Allow prefetching files from same origin