From 0b20f84c8545f9ee90ffe2960a4871b6fc199968 Mon Sep 17 00:00:00 2001
From: Satya Patel <satyapatel111@gmail.com>
Date: Sat, 16 May 2026 15:55:09 -0700
Subject: [PATCH] fix(web): allow relay-backup origin in CSP connect-src

Adds wss:// and https:// origins for relay-backup.superset.sh to the web
app's connect-src. The relay URL can be overridden to the backup relay
via the relay-url-override PostHog flag; the prod CSP has no blanket
ws:/wss:, so both the WebSocket and HTTPS origins must be listed.
---
 apps/web/next.config.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/web/next.config.ts b/apps/web/next.config.ts
index fc20084769f..1cb44b30b26 100644
--- a/apps/web/next.config.ts
+++ b/apps/web/next.config.ts
@@ -40,6 +40,8 @@ const contentSecurityPolicy = [
 		apiOrigin,
 		relayWsOrigin,
 		relayHttpOrigin,
+		"wss://relay-backup.superset.sh",
+		"https://relay-backup.superset.sh",
 		"https://*.ingest.sentry.io",
 		"https://*.sentry.io",
 		"https://us.i.posthog.com",