From 7b7a6c78003c4b064c66ccbec08ac6694d56db45 Mon Sep 17 00:00:00 2001
From: Kieran <kieran@harkin.me>
Date: Tue, 12 Sep 2023 23:02:51 +0100
Subject: [PATCH] Update CSP

---
 packages/app/_headers      | 2 +-
 packages/app/src/index.tsx | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/app/_headers b/packages/app/_headers
index d7ff4911..5921f994 100644
--- a/packages/app/_headers
+++ b/packages/app/_headers
@@ -1,2 +1,2 @@
 /*
-  Content-Security-Policy: default-src 'self'; manifest-src *; child-src 'none'; worker-src 'self'; frame-src youtube.com www.youtube.com https://platform.twitter.com https://embed.tidal.com https://w.soundcloud.com https://www.mixcloud.com https://open.spotify.com https://player.twitch.tv https://embed.music.apple.com https://nostrnests.com https://embed.wavlake.com; style-src 'self' 'unsafe-inline'; connect-src *; img-src * data: blob:; font-src 'self'; media-src * blob:; script-src 'self' 'wasm-unsafe-eval' https://static.cloudflareinsights.com https://platform.twitter.com https://embed.tidal.com;
\ No newline at end of file
+  Content-Security-Policy: default-src 'self'; manifest-src *; child-src 'none'; worker-src 'self'; frame-src youtube.com www.youtube.com https://platform.twitter.com https://embed.tidal.com https://w.soundcloud.com https://www.mixcloud.com https://open.spotify.com https://player.twitch.tv https://embed.music.apple.com https://nostrnests.com https://embed.wavlake.com; style-src 'self' 'unsafe-inline'; connect-src *; img-src * data: blob:; font-src 'self'; media-src * blob:; script-src 'self' 'wasm-unsafe-eval' https://analytics.v0l.io https://platform.twitter.com https://embed.tidal.com;
\ No newline at end of file
diff --git a/packages/app/src/index.tsx b/packages/app/src/index.tsx
index e2c7dfd5..781a190d 100644
--- a/packages/app/src/index.tsx
+++ b/packages/app/src/index.tsx
@@ -120,7 +120,7 @@ async function initSite() {
   // <script defer data-domain="snort.social" src="http://analytics.v0l.io/js/script.js"></script>
   if (login.preferences.telemetry ?? true) {
     const sc = document.createElement("script");
-    sc.src = "http://analytics.v0l.io/js/script.js";
+    sc.src = "https://analytics.v0l.io/js/script.js";
     sc.defer = true;
     sc.setAttribute("data-domain", "snort.social");
     document.head.appendChild(sc);