fix: add Content Security Policy for Electron API connections

- Add CSP headers to allow connections to endorser.ch and timesafari.app APIs
- Configure secure content policies for images, scripts, styles and fonts
- Fix API connection errors by allowing required external resources
- Remove duplicate CSP header configuration

src/electron/main.js

@@ -83,23 +83,22 @@ function createWindow() {
     throw new Error("Index file not found");
   }
 
-  // Set CSP headers
+  // Add CSP headers to allow API connections
-  mainWindow.webContents.session.webRequest.onHeadersReceived(
+  mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {
-    (details, callback) => {
     callback({
       responseHeaders: {
         ...details.responseHeaders,
-          "Content-Security-Policy": [
+        'Content-Security-Policy': [
           "default-src 'self';" +
-              "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;" +
+          "connect-src 'self' https://api.endorser.ch https://*.timesafari.app;" +
-              "font-src 'self' https://fonts.gstatic.com;" +
+          "img-src 'self' data: https: blob:;" +
-              "script-src 'self' 'unsafe-eval' 'unsafe-inline';" +
+          "script-src 'self' 'unsafe-inline' 'unsafe-eval';" +
-              "img-src 'self' data: https:;",
+          "style-src 'self' 'unsafe-inline';" +
-          ],
+          "font-src 'self' data:;"
-        },
+        ]
-      });
+      }
-    },
+    })
-  );
+  })
 
   // Load the index.html
   mainWindow