Content-Security-Policy is blocking our company url

[pbender87]

Hello,

thank you for the plugin. Unfortunately it is not possible to setup the plugin for our self hosted company gitlab as there is a content-security-policy:

Refused to connect to 'https://gitlab.mycompany.com/api/v4/projects/1/trigger/pipeline' because it violates the following Content Security Policy directive: "default-src data: blob: https://github.com https://bitbucket.org/ https://gitlab.com/ https://rsms.me https://*.bitbucket.org/ https://*.gitlab.com/ https://*.github.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

It would be helpful if we can change this content-security-policy or disable it.

Best regards Philipp

[lukasoppermann]

Hey, it is not possible to disable the content security policy as this will break figma <> github.

It may be possible to add a wildcard to the connect-src.

If you want to check this in the figma api docs and send a PR, that would be great.