fix: Fix Content-Security-Policy config

packages/bruno-electron/src/index.js

@@ -14,16 +14,18 @@ const { loadWindowState, saveBounds, saveMaximized } = require('./utils/window')
 
 const lastOpenedCollections = new LastOpenedCollections();
 
+// Reference: https://content-security-policy.com/
 const contentSecurityPolicy = [
-  isDev ? "default-src 'self' 'unsafe-inline' 'unsafe-eval'" : "default-src 'self'",
-  "connect-src 'self' https://api.github.com/repos/usebruno/bruno",
-  "font-src 'self' https://fonts.gstatic.com",
+  "default-src 'self'",
+  "script-src * 'unsafe-inline' 'unsafe-eval'",
+  "connect-src 'self' api.github.com",
+  "font-src 'self' https:",
   "form-action 'none'",
-  "img-src 'self' blob: data:",
-  "style-src 'self' https://fonts.googleapis.com"
+  "img-src 'self' blob: data: https:",
+  "style-src 'self' 'unsafe-inline' https:"
 ];
 
-setContentSecurityPolicy(contentSecurityPolicy.join(';'));
+setContentSecurityPolicy(contentSecurityPolicy.join(';') + ';');
 
 const menu = Menu.buildFromTemplate(menuTemplate);
 Menu.setApplicationMenu(menu);