From aea31bce5d6072e6f8ad1b63125cd74afa6096f3 Mon Sep 17 00:00:00 2001
From: Alex Gleason
Date: Thu, 14 Nov 2024 20:28:14 -0600
Subject: [PATCH] csp: use the sentry origin instead of the URL itself
---
 src/middleware/cspMiddleware.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/middleware/cspMiddleware.ts b/src/middleware/cspMiddleware.ts
index ed102f7a..70c9316d 100644
--- a/src/middleware/cspMiddleware.ts
+++ b/src/middleware/cspMiddleware.ts
@@ -22,7 +22,12 @@ export const cspMiddleware = (): AppMiddleware => {
 const connectSrc = ["'self'", 'blob:', origin, `${wsProtocol}//${host}`];
 if (typeof sentryDsn === 'string') {
- connectSrc.push(sentryDsn);
+ try {
+ const dsn = new URL(sentryDsn);
+ connectSrc.push(dsn.origin);
+ } catch {
+ // Ignore
+ }
 }
 const policies = [
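Review bot: The empty `catch` with `// Ignore` drops a malformed `sentryDsn` silently, so the policy is emitted without the Sentry origin and the browser will block error reports with nothing on the server side to explain why; a one-line warning there (without echoing the DSN value) would make the misconfiguration visible. Separately, `new URL(...)` accepts any scheme, and for non-special schemes `origin` serializes to the string `null`, which would be pushed into `connect-src` as a meaningless token; guarding the push with `if (dsn.protocol === 'https:' || dsn.protocol === 'http:') connectSrc.push(dsn.origin);` keeps the directive to well-formed network origins. The body of `cspMiddleware` starts and ends outside this hunk, so how `sentryDsn` is sourced is not visible here.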