From fd846e3ed27d8bbd42c86c6eeedef377f03f3fca Mon Sep 17 00:00:00 2001
From: Sudo-Ivan <ivan@quad4.io>
Date: Sun, 4 Jan 2026 14:59:36 -0600
Subject: [PATCH] feat(security): update Content Security Policy to allow
 connections to GitHub API and related domains

---
 electron/main.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/electron/main.js b/electron/main.js
index 0526a8c..ee86e31 100644
--- a/electron/main.js
+++ b/electron/main.js
@@ -350,7 +350,7 @@ app.whenReady().then(async () => {
             "style-src 'self' 'unsafe-inline'",
             "img-src 'self' data: blob: https://*.tile.openstreetmap.org https://tile.openstreetmap.org",
             "font-src 'self' data:",
-            "connect-src 'self' http://localhost:9337 https://localhost:9337 ws://localhost:* wss://localhost:* blob: https://*.tile.openstreetmap.org https://tile.openstreetmap.org https://nominatim.openstreetmap.org",
+            "connect-src 'self' http://localhost:9337 https://localhost:9337 ws://localhost:* wss://localhost:* blob: https://*.tile.openstreetmap.org https://tile.openstreetmap.org https://nominatim.openstreetmap.org https://api.github.com https://objects.githubusercontent.com https://github.com",
             "media-src 'self' blob:",
             "worker-src 'self' blob:",
             "frame-src 'self'",