Add api.dune.com to recommended CSP connect-src directive

[devin-ai-integration]

Add api.dune.com to recommended CSP connect-src directive

Summary

Added https://api.dune.com to the recommended Content Security Policy (CSP) connect-src directive in the security documentation. This allows applications using the recommended CSP to make network requests to the Dune Analytics API.

Files changed:

• advanced/security/content-security-policy.mdx - Added Dune API endpoint to the CSP connect-src list

Review & Testing Checklist for Human

• Verify URL accuracy: Confirm https://api.dune.com is the correct Dune Analytics API endpoint
• Test documentation rendering: Ensure the CSP code block still renders correctly on the docs site
• Security review: Confirm this URL should be whitelisted in the recommended CSP for AppKit users

---

Diagram

%%{ init : { "theme" : "default" }}%%
graph TD
    A["advanced/security/<br/>content-security-policy.mdx"]:::major-edit
    B["CSP connect-src directive"]:::context
    C["Dune Analytics API<br/>https://api.dune.com"]:::context
    D["Other whitelisted domains<br/>(WalletConnect, etc.)"]:::context
    
    A --> B
    B --> C
    B --> D
    
    subgraph Legend
        L1["Major Edit"]:::major-edit
        L2["Minor Edit"]:::minor-edit  
        L3["Context/No Edit"]:::context
    end
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB
    classDef context fill:#FFFFFF

Loading

Notes

• This change maintains the existing CSP format and spacing conventions
• The URL is added at the end of the existing connect-src list
• Pre-existing spell check issues in the repository are unrelated to this change
• Requested by [email protected] via Slack
• Link to Devin run: https://app.devin.ai/sessions/dca0d703644240b4bf8f4b028de8ac9c
• Requested by: @tomiir

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

@devin-ai-integration[bot] Please review the tone of voice for the content changes in this PR against Reown's brand guidelines.

📝 Content Review Request

Files to review: 1

• advanced/security/content-security-policy.mdx

Review focus:

• Tone alignment with Reown's brand guidelines
• Clear and accessible language for developers
• Professional yet approachable communication
• Consistent terminology usage

Guidelines summary:

• Clear & Accessible: Translate complex ideas into approachable language
• Professional yet Friendly: Maintain authority while being welcoming
• Developer-Focused: Understand technical audience but remain inclusive
• Avoid: Overly casual language, fear-based messaging, buzzwords, jargon without explanation
• Embrace: Clear explanations, confident tone, transparency, respectful communication

Please analyze the content changes and provide constructive feedback on tone and voice alignment.