From 85f6dcfc222a37305e91df4d9c9fddb9f3bd95e0 Mon Sep 17 00:00:00 2001
From: Felipe Coutinho <felipi@live.com>
Date: Sat, 4 Apr 2026 03:21:03 +0000
Subject: [PATCH] fix(csp): permitir unsafe-eval apenas em desenvolvimento
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

React precisa de eval() em dev para reconstruir stack traces.
Produção continua sem unsafe-eval.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 next.config.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/next.config.ts b/next.config.ts
index 4ea4df7..f516cba 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -4,6 +4,8 @@ import type { NextConfig } from "next";
 // Carregar variáveis de ambiente explicitamente
 dotenv.config();
 
+const isDev = process.env.NODE_ENV === "development";
+
 const nextConfig: NextConfig = {
 	output: "standalone",
 	cacheComponents: true,
@@ -46,7 +48,7 @@ const nextConfig: NextConfig = {
 						key: "Content-Security-Policy",
 						value: [
 							"default-src 'self'",
-							"script-src 'self' 'unsafe-inline' https://umami.felipecoutinho.com",
+							`script-src 'self' 'unsafe-inline'${isDev ? " 'unsafe-eval'" : ""} https://umami.felipecoutinho.com`,
 							"style-src 'self' 'unsafe-inline'",
 							"img-src 'self' https://lh3.googleusercontent.com data: blob:",
 							"font-src 'self'",