builtbykev/vyndr
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity

Session 16: Live hero prop, sport-specific markets fix, soccer weather, Sentry CSP (1429 tests)

Browse Source
This commit is contained in:
Kev
2026-06-11 18:15:25 -04:00
parent 167996d99a
commit 73b65a0248
11 changed files with 1010 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/next.config.ts
+6 -2
View File
@@ -15,11 +15,15 @@ import withBundleAnalyzer from '@next/bundle-analyzer';
// - Supabase wss: AuthContext realtime + push subscriptions
const CSP = [
"default-src 'self'",
"script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.stripe.com https://us-assets.i.posthog.com",
"script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.stripe.com https://us-assets.i.posthog.com https://browser.sentry-cdn.com",
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
"font-src 'self' https://fonts.gstatic.com",
"img-src 'self' data: blob: https://*.supabase.co https://cdn.nba.com https://a.espncdn.com",
"connect-src 'self' https://*.supabase.co wss://*.supabase.co https://api.stripe.com https://us.i.posthog.com https://us-assets.i.posthog.com",
// Session 16 — Sentry browser client posts events to *.sentry.io
// (and *.ingest.sentry.io for the ingestion endpoints). Adding
// both forms so the @sentry/nextjs init in SentryInit.tsx can
// actually report errors out of the browser bundle.
"connect-src 'self' https://*.supabase.co wss://*.supabase.co https://api.stripe.com https://us.i.posthog.com https://us-assets.i.posthog.com https://*.sentry.io https://*.ingest.sentry.io",
"frame-src https://js.stripe.com https://hooks.stripe.com",
"worker-src 'self' blob:",
"manifest-src 'self'",