From 87ae36ef220efc6628beed4ad63b4168d02770ad Mon Sep 17 00:00:00 2001
From: Snider <snider@host.uk.com>
Date: Tue, 10 Mar 2026 05:28:01 +0000
Subject: [PATCH] fix: remove host_analytics from framework CSP config

Website-specific CSP sources belong in app config, not framework.

Co-Authored-By: Virgil <virgil@lethean.io>
---
 src/Core/Headers/config.php | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/Core/Headers/config.php b/src/Core/Headers/config.php
index 40f70e5..1d0815f 100644
--- a/src/Core/Headers/config.php
+++ b/src/Core/Headers/config.php
@@ -214,13 +214,6 @@ return [
                 'script-src' => ['https://connect.facebook.net'],
                 'frame-src' => ['https://www.facebook.com'],
             ],
-
-            'host_analytics' => [
-                'enabled' => env('SECURITY_CSP_HOST_ANALYTICS', false),
-                'script-src' => ['https://analytics.host.uk.com'],
-                'connect-src' => ['https://analytics.host.uk.com'],
-                'img-src' => ['https://analytics.host.uk.com'],
-            ],
         ],
     ],