From eac75828d78b91d2d65360564ffdbefd40d2896c Mon Sep 17 00:00:00 2001
From: isaackps
Date: Fri, 29 May 2026 13:56:33 +0800
Subject: [PATCH] fix: updated CSP with new sdc endpoint
---
netlify.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netlify.toml b/netlify.toml
index b0768ee..91e93fb 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -15,7 +15,7 @@
 X-Frame-Options = "DENY"
 # Content Security Policy - Comprehensive XSS and injection protection
- Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://min-api.cryptocompare.com https://api.blocknative.com https://rpc.xinfin.network; frame-src https://app.netlify.com; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests"
+ Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://min-api.cryptocompare.com https://api.blocknative.com https://rpc.xinfin.network https://xdctraderpc.xinfin.network; frame-src https://app.netlify.com; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests"
 # Permissions Policy - Browser feature access control
 Permissions-Policy = "camera=(), microphone=(), geolocation=(), interest-cohort=(), payment=(), usb=(), bluetooth=(), magnetometer=(), gyroscope=(), accelerometer=(), autoplay=(), encrypted-media=(), fullscreen=(self), picture-in-picture=()"
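Review bot: The comment above the changed `Content-Security-Policy` line still promises "Comprehensive XSS and injection protection", but the new value keeps `'unsafe-inline'` and `'unsafe-eval'` in `script-src` and `https:` in `img-src`, so the `connect-src` allowlist this commit extends is not the only egress path and the policy does little against injected script. I would reword the comment to state what the header actually enforces, e.g. `# Content Security Policy - NOTE: script-src still allows 'unsafe-inline'/'unsafe-eval'; connect-src must list every API/RPC host the app calls`, and track replacing the two unsafe keywords with nonces or hashes as a follow-up. The added host `https://xdctraderpc.xinfin.network` has no note saying which feature needs it, and the subject line says "sdc" while the host reads "xdc", so it is worth confirming the hostname is the intended one before merging. As a style point, keeping the whole policy in one string turns a one-host change into a full-line replacement; one directive per line in a multi-line basic string with line-ending backslashes would make later allowlist changes much easier to review.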