From 311d75be28778b8fff2dffd1ff6fd6c7c3641ba6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?= <ivar@getunleash.ai>
Date: Thu, 10 Apr 2025 09:24:26 +0200
Subject: [PATCH] add hosted edge to allowed connect-src

---
 src/lib/middleware/secure-headers.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lib/middleware/secure-headers.ts b/src/lib/middleware/secure-headers.ts
index 98323dfbe5..70e9eddfad 100644
--- a/src/lib/middleware/secure-headers.ts
+++ b/src/lib/middleware/secure-headers.ts
@@ -60,6 +60,7 @@ const secureHeaders: (config: IUnleashConfig) => RequestHandler = (config) => {
                         'gravatar.com',
                         'europe-west3-metrics-304612.cloudfunctions.net',
                         'app.unleash-hosted.com',
+                        'hosted.edge.getunleash.io',
                         ...config.additionalCspAllowedDomains.connectSrc,
                     ],
                     mediaSrc: [