fix: 🐛 csp

added preview env

frontend/next.config.js

@@ -37,6 +37,8 @@ const ContentSecurityPolicy = {
     process.env.NEXT_PUBLIC_SUPABASE_URL,
     "https://api.june.so",
     "https://us.posthog.com",
+    "https://preview.quivr.app",
+    "https://*-quivr-app.vercel.app/",
     process.env.NEXT_PUBLIC_FRONTEND_URL,
   ],
   "connect-src": [
@@ -48,7 +50,7 @@ const ContentSecurityPolicy = {
     "https://api.openai.com",
     "https://cdn.growthbook.io",
     "https://vitals.vercel-insights.com/v1/vitals",
-    "https://us.posthog.com"
+    "https://us.posthog.com",
   ],
   "img-src": [
     "'self'",
@@ -62,21 +64,28 @@ const ContentSecurityPolicy = {
     "https://user-images.githubusercontent.com",
     process.env.NEXT_PUBLIC_FRONTEND_URL,
     "https://quivr-cms.s3.eu-west-3.amazonaws.com",
+    "https://preview.quivr.app",
+    "https://*-quivr-app.vercel.app/",
   ],
   "script-src": [
     "'unsafe-inline'",
     "'unsafe-eval'",
     "https://va.vercel-scripts.com/",
     process.env.NEXT_PUBLIC_FRONTEND_URL,
+    "https://preview.quivr.app",
+    "https://*-quivr-app.vercel.app/",
     "https://www.google-analytics.com/",
     "https://js.stripe.com",
-    "https://us.posthog.com"
-  ],
-  "frame-src": ["https://js.stripe.com",
-    "https://us.posthog.com"
+    "https://us.posthog.com",
   ],
+  "frame-src": ["https://js.stripe.com", "https://us.posthog.com"],
   "frame-ancestors": ["'none'"],
-  "style-src": ["'unsafe-inline'", process.env.NEXT_PUBLIC_FRONTEND_URL],
+  "style-src": [
+    "'unsafe-inline'",
+    process.env.NEXT_PUBLIC_FRONTEND_URL,
+    "https://preview.quivr.app",
+    "https://*-quivr-app.vercel.app/",
+  ],
 };
 
 // Build CSP string