fix(security): remover header CSP de respostas de API

CSP não tem efeito em respostas JSON e expunha domínios
internos (Umami, Supabase, logo.dev) em endpoints públicos.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/features/dashboard/categories/category-history-queries.ts

@@ -51,9 +51,7 @@ type UniqueCategory = {
 	icon: string | null;
 };
 
-async function fetchAllCategories(
+async function fetchAllCategories(userId: string): Promise<CategoryOption[]> {
-	userId: string,
-): Promise<CategoryOption[]> {
 	const result = await db
 		.select({
 			id: categories.id,

src/features/dashboard/components/dashboard-welcome.tsx

@@ -1,4 +1,7 @@
-import { formatCurrentDate, getGreeting } from "@/features/dashboard/widget-registry/welcome-widget";
+import {
+	formatCurrentDate,
+	getGreeting,
+} from "@/features/dashboard/widget-registry/welcome-widget";
 
 type DashboardWelcomeProps = {
 	name?: string | null;

src/features/dashboard/components/installment-expenses/installment-expense-list-item.tsx

@@ -1,6 +1,6 @@
 import Image from "next/image";
-import type { InstallmentExpense } from "@/features/dashboard/expenses/installment-expenses-queries";
 import { buildInstallmentExpenseDisplay } from "@/features/dashboard/expenses/installment-expenses-helpers";
+import type { InstallmentExpense } from "@/features/dashboard/expenses/installment-expenses-queries";
 import { EstablishmentLogo } from "@/shared/components/entity-avatar";
 import MoneyValues from "@/shared/components/money-values";
 import { Progress } from "@/shared/components/ui/progress";

src/features/dashboard/components/payment-overview/payment-overview-widget-view.tsx

@@ -1,7 +1,7 @@
 import { RiMoneyDollarCircleLine, RiSlideshowLine } from "@remixicon/react";
-import type { PaymentOverviewTab } from "@/features/dashboard/payments/payment-overview-tabs";
 import type { PaymentConditionsData } from "@/features/dashboard/payments/payment-conditions-queries";
 import type { PaymentMethodsData } from "@/features/dashboard/payments/payment-methods-queries";
+import type { PaymentOverviewTab } from "@/features/dashboard/payments/payment-overview-tabs";
 import {
 	Tabs,
 	TabsContent,

src/features/dashboard/overview/current-period-overview-queries.ts

@@ -6,6 +6,7 @@ import {
 	transactions,
 } from "@/db/schema";
 import type { DashboardBillsSnapshot } from "@/features/dashboard/bills/bills-queries";
+import type { PurchasesByCategoryData } from "@/features/dashboard/categories/purchases-by-category-queries";
 import type { InstallmentExpensesData } from "@/features/dashboard/expenses/installment-expenses-queries";
 import type { RecurringExpensesData } from "@/features/dashboard/expenses/recurring-expenses-queries";
 import type {
@@ -15,7 +16,6 @@ import type {
 import type { PaymentConditionsData } from "@/features/dashboard/payments/payment-conditions-queries";
 import type { PaymentMethodsData } from "@/features/dashboard/payments/payment-methods-queries";
 import type { PaymentStatusData } from "@/features/dashboard/payments/payment-status-queries";
-import type { PurchasesByCategoryData } from "@/features/dashboard/categories/purchases-by-category-queries";
 import type { TopEstablishmentsData } from "@/features/dashboard/top-establishments-queries";
 import { excludeTransactionsFromExcludedAccounts } from "@/features/dashboard/transaction-filters";
 import {

src/features/inbox/components/inbox-card.tsx

@@ -151,7 +151,9 @@ export const InboxCard = memo(function InboxCard({
 
 			<CardContent className="min-h-0 flex-1 overflow-hidden py-2">
 				{item.originalTitle && (
-					<p className="mb-1 line-clamp-2 text-sm font-medium">{item.originalTitle}</p>
+					<p className="mb-1 line-clamp-2 text-sm font-medium">
+						{item.originalTitle}
+					</p>
 				)}
 				<p className="line-clamp-4 whitespace-pre-wrap text-sm text-muted-foreground">
 					{item.originalText}

src/features/settings/components/delete-account-form.tsx

@@ -99,8 +99,7 @@ export function DeleteAccountForm() {
 								Preferências do app, insights salvos e tokens do Companion
 							</li>
 							<li className="font-medium text-foreground">
-								Categorias padrão e pessoa admin serão recriadas
+								Categorias padrão e pessoa admin serão recriadas automaticamente
-								automaticamente
 							</li>
 						</ul>
 

src/features/transactions/components/table/transactions-columns.tsx

@@ -228,9 +228,7 @@ function buildColumns({
 													className="text-muted-foreground"
 													aria-hidden
 												/>
-												<span className="sr-only">
+												<span className="sr-only">Dividido entre pessoas</span>
-													Dividido entre pessoas
-												</span>
 											</span>
 										</TooltipTrigger>
 										<TooltipContent side="top">

src/proxy.ts

@@ -101,7 +101,9 @@ export default async function proxy(request: NextRequest) {
 	}
 
 	const response = NextResponse.next();
-	response.headers.set("Content-Security-Policy", buildCsp());
+	if (!pathname.startsWith("/api/")) {
+		response.headers.set("Content-Security-Policy", buildCsp());
+	}
 	return response;
 }