Fix CSP for Firebase auth

lovable-dev[bot] · lovable-dev[bot] · commit 5677a65af857 · 2025-08-21T09:50:38.000Z
The AI identified that the login issue on Vercel was caused by Content Security Policy (CSP) violations preventing Firebase authentication requests. It updated `index.html` to include the necessary Firebase domains in the `connect-src` directive. The AI instructed the user to redeploy the Vercel application after this change.
diff --git a/vercel.json b/vercel.json
@@ -32,7 +32,7 @@
         },
         {
           "key": "Content-Security-Policy",
-          "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gpteng.co https://embed.tawk.to https://va.tawk.to; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://api.stripe.com https://refspring-default-rtdb.europe-west1.firebasedatabase.app wss://embed.tawk.to; frame-src https://js.stripe.com https://embed.tawk.to; object-src 'none'; base-uri 'self'; upgrade-insecure-requests"
+          "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gpteng.co https://embed.tawk.to https://va.tawk.to; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://api.stripe.com https://refspring-default-rtdb.europe-west1.firebasedatabase.app https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://firestore.googleapis.com https://us-central1-refspring-8c3ac.cloudfunctions.net wss://embed.tawk.to; frame-src https://js.stripe.com https://embed.tawk.to; object-src 'none'; base-uri 'self'; upgrade-insecure-requests"
         }
       ]
     }

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@`
`32`	`32`	`},`
`33`	`33`	`{`
`34`	`34`	`"key": "Content-Security-Policy",`
`35`		- "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gpteng.co https://embed.tawk.to https://va.tawk.to; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://api.stripe.com https://refspring-default-rtdb.europe-west1.firebasedatabase.app wss://embed.tawk.to; frame-src https://js.stripe.com https://embed.tawk.to; object-src 'none'; base-uri 'self'; upgrade-insecure-requests"
	`35`	+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gpteng.co https://embed.tawk.to https://va.tawk.to; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://api.stripe.com https://refspring-default-rtdb.europe-west1.firebasedatabase.app https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://firestore.googleapis.com https://us-central1-refspring-8c3ac.cloudfunctions.net wss://embed.tawk.to; frame-src https://js.stripe.com https://embed.tawk.to; object-src 'none'; base-uri 'self'; upgrade-insecure-requests"
`36`	`36`	`}`
`37`	`37`	`]`
`38`	`38`	`}`