From 9396806daaad398aae6d39508a6a026044982309 Mon Sep 17 00:00:00 2001
From: Jed Fox <git@jedfox.com>
Date: Sun, 5 Feb 2023 17:00:57 -0500
Subject: [PATCH] Allow the Netlify frontend to connect to arbitrary servers
 (#638)

* Allow the frontend to connect to arbitrary servers

* - sentry
---
 packages/desktop-client/public/_headers | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/desktop-client/public/_headers b/packages/desktop-client/public/_headers
index 295d7c151..ca84ccb1f 100644
--- a/packages/desktop-client/public/_headers
+++ b/packages/desktop-client/public/_headers
@@ -1,10 +1,10 @@
 /*
   Cross-Origin-Opener-Policy: same-origin
   Cross-Origin-Embedder-Policy: require-corp
-  Content-Security-Policy: default-src 'self' https://sentry.io blob:; script-src 'self' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.actualbudget.com https://api.mixpanel.com https://sentry.io;
+  Content-Security-Policy: default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; connect-src http: https:;
 
 /kcab/*
-  Content-Security-Policy: default-src 'self' https://sentry.io blob:; script-src 'self' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.actualbudget.com https://api.mixpanel.com https://sentry.io;
+  Content-Security-Policy: default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; connect-src http: https:;
 
 /*.wasm
-  Content-Type: application/wasm
\ No newline at end of file
+  Content-Type: application/wasm
-- 
GitLab