fix: add Content Security Policy for Electron API connections

- Add CSP headers to allow connections to endorser.ch and timesafari.app APIs
- Configure secure content policies for images, scripts, styles and fonts
- Fix API connection errors by allowing required external resources
- Remove duplicate CSP header configuration

src/electron/main.js

@@ -83,23 +83,22 @@ function createWindow() {
     throw new Error("Index file not found");
   }
 
-  // Set CSP headers
-  mainWindow.webContents.session.webRequest.onHeadersReceived(
-    (details, callback) => {
-      callback({
-        responseHeaders: {
-          ...details.responseHeaders,
-          "Content-Security-Policy": [
-            "default-src 'self';" +
-              "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;" +
-              "font-src 'self' https://fonts.gstatic.com;" +
-              "script-src 'self' 'unsafe-eval' 'unsafe-inline';" +
-              "img-src 'self' data: https:;",
-          ],
-        },
-      });
-    },
-  );
+  // Add CSP headers to allow API connections
+  mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {
+    callback({
+      responseHeaders: {
+        ...details.responseHeaders,
+        'Content-Security-Policy': [
+          "default-src 'self';" +
+          "connect-src 'self' https://api.endorser.ch https://*.timesafari.app;" +
+          "img-src 'self' data: https: blob:;" +
+          "script-src 'self' 'unsafe-inline' 'unsafe-eval';" +
+          "style-src 'self' 'unsafe-inline';" +
+          "font-src 'self' data:;"
+        ]
+      }
+    })
+  })
 
   // Load the index.html
   mainWindow