From 11143adb02446aed2fc55e10b7071f976cfc45e4 Mon Sep 17 00:00:00 2001
From: Vendicated
Date: Fri, 24 Jan 2025 03:32:15 +0100
Subject: [PATCH] whitelist plugin specific domains
---
 src/main/csp.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/main/csp.ts b/src/main/csp.ts
index 91ca3bec1..3e0dececf 100644
--- a/src/main/csp.ts
+++ b/src/main/csp.ts
@@ -32,12 +32,20 @@ const Policies: PolicyMap = {
 "cdn.discordapp.com": MediaAndCssSrc, // Discord CDN, used by Vencord and some themes to load media
 "media.discordapp.net": MediaSrc, // Discord media CDN, possible alternative to Discord CDN
- "*.vencord.dev": MediaSrc, // used for VenCloud (api.vencord.dev) and badges (badges.vencord.dev)
-
 // CDNs used for some things by Vencord.
 // FIXME: we really should not be using CDNs anymore
 "cdnjs.cloudflare.com": MediaScriptsAndCssSrc,
 "unpkg.com": MediaScriptsAndCssSrc,
+
+ // Function Specific
+ "api.github.com": ["connect-src"], // used for updating Vencord itself
+ "ws.audioscrobbler.com": ["connect-src"], // last.fm API
+ "translate.googleapis.com": ["connect-src"], // Google Translate API
+ "*.vencord.dev": MediaSrc, // VenCloud (api.vencord.dev) and Badges (badges.vencord.dev)
+ "manti.vendicated.dev": MediaSrc, // ReviewDB API
+ "decor.fieryflames.dev": MediaSrc, // Decor API
+ "sponsor.ajay.app": MediaSrc, // Dearrow API
+ "usrbg.is-hardly.online": MediaSrc, // USRBG API
 };
 const findHeader = (headers: PolicyMap, headerName: Lowercase) => {
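Review bot: The four plugin hosts at the end of the added block (`manti.vendicated.dev`, `decor.fieryflames.dev`, `sponsor.ajay.app`, `usrbg.is-hardly.online`) are all given `MediaSrc` although their comments describe them as APIs, while the three entries above them get an explicit `["connect-src"]`. `MediaSrc` is defined outside this hunk, so its exact directive list is not visible here. If it grants more than fetch access, any host that only returns data should be narrowed, e.g. `"manti.vendicated.dev": ["connect-src"], // ReviewDB API`, keeping `MediaSrc` only where images or media are actually loaded from the host. The moved `"*.vencord.dev"` entry also still trusts every subdomain although its comment names only `api.vencord.dev` and `badges.vencord.dev`; listing those two hosts explicitly would keep the allowlist to what is used. A short comment above `// Function Specific` saying which plugin needs each host would make it easier to remove an entry when that plugin is dropped.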