From 7c60f9ed504f50e4a9af096603408bf106655e2c Mon Sep 17 00:00:00 2001
From: Ken Matsui <26405363+ken-matsui@users.noreply.github.com>
Date: Sun, 26 Nov 2023 19:34:58 -0800
Subject: [PATCH] Update next.config.js (#900)

---
 next.config.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/next.config.js b/next.config.js
index 78effa33..2333de43 100644
--- a/next.config.js
+++ b/next.config.js
@@ -1,11 +1,18 @@
 /** @type {import('next').NextConfig} */
 const path = require("path");
 
-const ContentSecurityPolicy = `
+const isDev = process.env.NODE_ENV === 'development';
+
+let ContentSecurityPolicy = `
   default-src 'self';
+  connect-src 'self' vitals.vercel-insights.com;`;
+
+ContentSecurityPolicy += isDev ? `
   script-src 'self' 'unsafe-eval' 'unsafe-inline';
   style-src 'self' 'unsafe-inline';
-  connect-src 'self' vitals.vercel-insights.com;
+` : `
+  script-src 'self';
+  style-src 'self';
 `;
 
 const securityHeaders = [