From a4d6348a799caea31e98fc7b8c8f13e3adbd3b2b Mon Sep 17 00:00:00 2001 From: jubnl Date: Thu, 2 Apr 2026 14:09:55 +0200 Subject: [PATCH] fix: add raw.githubusercontent.com to CSP connect-src for Atlas map The Atlas feature fetches country GeoJSON from GitHub raw content, which was blocked by the Content Security Policy connect-src directive. Closes #285 --- server/src/index.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/server/src/index.ts b/server/src/index.ts index c43faf5..5508542 100644 --- a/server/src/index.ts +++ b/server/src/index.ts @@ -66,6 +66,7 @@ app.use(helmet({ "https://*.basemaps.cartocdn.com", "https://*.tile.openstreetmap.org", "https://unpkg.com", "https://open-meteo.com", "https://api.open-meteo.com", "https://geocoding-api.open-meteo.com", "https://api.exchangerate-api.com", + "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/master/geojson/ne_50m_admin_0_countries.geojson" ], fontSrc: ["'self'", "https://fonts.gstatic.com", "data:"], objectSrc: ["'none'"],
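Review bot: The new `connectSrc` entry pins an exact file path, which is tighter than allowing the whole raw.githubusercontent.com host, but it points at the mutable `master` ref of a third-party repository, so the GeoJSON the client parses can change upstream without any change in this project. Consider vendoring the file and serving it from `'self'`, which needs no CSP exception at all, or pinning both the client fetch and this entry to a commit, e.g. `"https://raw.githubusercontent.com/nvkelso/natural-earth-vector/<commit-sha>/geojson/ne_50m_admin_0_countries.geojson",` (placeholder SHA, trailing comma added to match the neighbouring entries). A comment above the entry such as `// Atlas country GeoJSON; must match the exact URL the Atlas client fetches` would also help, because a path-restricted source stops matching silently if the client URL changes; the client code is not visible in this hunk. The `connectSrc` array and the `helmet({` call begin before the hunk and continue past it.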