From 76e2e0492dacb6140a6510556661b03b7a13fca1 Mon Sep 17 00:00:00 2001
From: Deepak Pandey
Date: Mon, 8 Sep 2025 13:18:13 +0530
Subject: [PATCH] Fix CSP violations: Allow inline scripts/styles and Cloudflare Insights

- Added 'unsafe-inline' to script-src for Next.js inline scripts
- Added 'unsafe-eval' to script-src for dynamic script evaluation
- Added 'unsafe-inline' to style-src for Google Fonts and inline styles
- Added https://static.cloudflareinsights.com to script-src for Cloudflare Analytics
- This resolves the 35+ CSP violations preventing site from loading properly
---
 vercel.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vercel.json b/vercel.json
index 1a235809..9b3fcc56 100644
--- a/vercel.json
+++ b/vercel.json
@@ -73,7 +73,7 @@
 },
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' https://vercel.live https://va.vercel-scripts.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https: blob:; connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https: blob:; connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;"
 }
 ]
 }
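Review bot: The new `script-src` on the `+` line carries both `'unsafe-inline'` and `'unsafe-eval'`, which removes most of the policy's protection against injected script: any markup injection that reaches a page can run inline code, and the host allowlist no longer constrains it. A static header in vercel.json cannot carry a per-request nonce, so the tighter option is to emit the CSP from Next.js middleware with `script-src 'self' 'nonce-<per-request value>' 'strict-dynamic'`, and to keep `'unsafe-eval'` out of production unless a specific dependency is shown to need it. `style-src 'unsafe-inline'` is a smaller risk and reasonable to accept if the inline styles cannot be removed. The Cloudflare script is now allowed to load, but `connect-src` is unchanged, so its reporting requests are probably still blocked; confirm the endpoint from the browser's violation log and add it there. Shipping the tightened policy first as `Content-Security-Policy-Report-Only` would surface the remaining violations without breaking the site.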