{ "_comment": "IMPORTANT: Update production domains to match .env file (VITE_PROD_DOMAIN, VITE_TEST_DOMAIN)", "development": { "description": "Relaxed CSP for development environment with Vite HMR", "csp": { "default-src": ["'self'"], "script-src": [ "'self'", "'unsafe-inline'", "'unsafe-eval'", "http://localhost:*", "ws://localhost:*" ], "style-src": [ "'self'", "'unsafe-inline'", "http://localhost:*" ], "img-src": [ "'self'", "data:", "blob:", "http://localhost:*" ], "font-src": [ "'self'", "data:", "http://localhost:*" ], "connect-src": [ "'self'", "http://localhost:*", "https://localhost:*", "ws://localhost:*", "wss://localhost:*" ], "frame-src": [ "'self'", "http://localhost:8080", "https://localhost:8080" ], "object-src": ["'none'"], "base-uri": ["'self'"], "form-action": ["'self'"], "frame-ancestors": ["'none'"] } }, "production": { "description": "Strict CSP for production environment", "csp": { "default-src": ["'self'"], "script-src": ["'self'"], "style-src": [ "'self'", "'unsafe-inline'" ], "img-src": [ "'self'", "data:", "blob:" ], "font-src": [ "'self'", "data:" ], "connect-src": [ "'self'", "https://mc.exbytestudios.com", "wss://mc.exbytestudios.com", "https://test.exbytestudios.com", "wss://test.exbytestudios.com" ], "frame-src": [ "'self'", "https://mc.exbytestudios.com", "https://test.exbytestudios.com" ], "object-src": ["'none'"], "base-uri": ["'self'"], "form-action": ["'self'"], "frame-ancestors": ["'none'"], "upgrade-insecure-requests": [] } }, "testing": { "description": "CSP for testing environment", "csp": { "default-src": ["'self'"], "script-src": [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], "style-src": [ "'self'", "'unsafe-inline'" ], "img-src": [ "'self'", "data:", "blob:" ], "font-src": [ "'self'", "data:" ], "connect-src": [ "'self'", "http://localhost:*", "https://localhost:*" ], "frame-src": [ "'self'", "http://localhost:*" ], "object-src": ["'none'"], "base-uri": ["'self'"], "form-action": ["'self'"], "frame-ancestors": ["'none'"] } } }