Merge branch 'small-security-settings-fixes' into add-cors

Author: n3rdc4ptn

server.ts

@@ -116,8 +116,9 @@ fastify.register(helmet, {
   contentSecurityPolicy: {
     directives: {
       defaultSrc: ["'self'"],
+      // styleSrc: unsafe-inline is needed for our styling
       styleSrc: ["'self'", "'unsafe-inline'"],
-      imgSrc: ["'self'", 'data:', 'https:'],
+      imgSrc: ["'self'", 'data:'],
       'connect-src': ["'self'", 'sdk.openui5.org', sentryHost, dynatraceOrigin],
       'script-src': isLocalDev
         ? ["'self'", "'unsafe-inline'", "'unsafe-eval'", sentryHost, dynatraceOrigin]

vite.config.js

@@ -35,7 +35,7 @@ export default defineConfig({
   },
 
   build: {
-    sourcemap: process.env.NODE_ENV !== 'production',
+    sourcemap: true, // crucial for sentry
     target: 'esnext', // Support top-level await
   },
 });