Fix Connect src csp

[ildyria]

Summary by CodeRabbit

• Chores
  • Updated security header configuration structure to improve code organization. The application's security policies and protection levels remain unchanged.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 75ccb342-6774-4aba-ba0b-680f07077e09

📥 Commits

Reviewing files that changed from the base of the PR and between 9ed4420 and 28b0f46.

📒 Files selected for processing (1)

• config/secure-headers.php

---

📝 Walkthrough

Walkthrough

The Content-Security-Policy connect-src directive in the secure headers configuration was restructured to wrap the merged array sources within an 'allow' key, changing from a flat array to a nested associative array format while preserving the underlying security logic and allowed sources.

Changes

Cohort / File(s)	Summary
CSP Configuration Update config/secure-headers.php	Modified connect-src directive structure from direct array to nested 'allow' key format, maintaining the same merged sources combining default update endpoint with environment-based configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Behold, dear config takes a bow,
With 'allow' keys, we're safer now,
A nested twist, so neat and tight,
Security headers, configured right! 🔐

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}