From a89ab96a125515dc66b6f09d8bf6bf5ac30ea5f1 Mon Sep 17 00:00:00 2001
From: Mannu <manohar6839@gmail.com>
Date: Sat, 30 May 2026 21:30:54 +0530
Subject: [PATCH] fix: add analytics.manohargupta.com to CSP connect-src

Browser was blocking the POST to analytics.manohargupta.com/api/send
with 'Failed to fetch' because the Content-Security-Policy connect-src
only listed plausible.io (old analytics tool, now removed).

- connect-src: replace plausible.io with analytics.manohargupta.com
- script-src: remove plausible.io (no longer needed, Umami script is self-hosted)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 next.config.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/next.config.ts b/next.config.ts
index 9bc62e1..48bff22 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -23,9 +23,9 @@ const nextConfig: NextConfig = {
           { key: "Content-Security-Policy", value:
             "default-src 'self'; " +
             "img-src 'self' data: https://*.r2.cloudflarestorage.com https://*.r2.dev; " +
-            "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io; " +
+            "script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
             "style-src 'self' 'unsafe-inline'; " +
-            "connect-src 'self' https://llm.manohargupta.com https://plausible.io; " +
+            "connect-src 'self' https://llm.manohargupta.com https://analytics.manohargupta.com; " +
             "font-src 'self' data:;"
           },
         ],