From d13edb7c0a01b1932b708101e1e168e4e1ba1fe4 Mon Sep 17 00:00:00 2001
From: Roric van Schalkwijk <roric.vanschalkwijk@yard.nl>
Date: Fri, 6 Mar 2026 08:57:53 +0100
Subject: [PATCH] chore: add timeblockr csp whitelist

---
 src/Basic.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Basic.php b/src/Basic.php
index 71ed32b..1e88ba1 100644
--- a/src/Basic.php
+++ b/src/Basic.php
@@ -209,7 +209,13 @@ public function configure()
 			)
 
 			// Used by Filebird
-			->addDirective(Directive::CONNECT, ['https://preview.ninjateam.org']);
+			->addDirective(Directive::CONNECT, ['https://preview.ninjateam.org'])
+
+			// Timeblockr
+			->addDirective(Directive::STYLE, ['https://*.timeblockr.com', 'https://*.timeblockr.cloud', 'https://*.api.timeblockr.cloud'])
+			->addDirective(Directive::FONT, ['https://*.timeblockr.com', 'https://*.timeblockr.cloud', 'https://*.api.timeblockr.cloud'])
+			->addDirective(Directive::CONNECT, ['https://*.timeblockr.com', 'https://*.timeblockr.cloud', 'https://*.api.timeblockr.cloud'])
+			->addDirective(Directive::IMG, ['https://*.timeblockr.com', 'https://*.timeblockr.cloud', 'https://*.api.timeblockr.cloud']);
 
 		// Admin side requires unsafe-inline which doesn't work together with nonces or strict-dynamic
 		if (is_admin()) {