Commit 5a7225ad authored by Gandalf's avatar Gandalf
Browse files

Refine CSP frame-src and connect-src configuration 

Blog:
- Remove unused frame-src entries for domains that renderer
  normalizes to canonical URLs (3speak.tv handles all variants)
- Remove frame-src entry for unavailable embed subdomain

Wallet:
- Remove images.hive.blog from connect-src as wallet only
  accesses it via server-side API routes, not client-side fetch
parent f6ce809e