From 396537c624e0c6afbaa064037d7872a4c71a28fa Mon Sep 17 00:00:00 2001 From: nesquena-hermes Date: Fri, 24 Apr 2026 10:45:09 -0700 Subject: [PATCH] chore: v0.50.189 CHANGELOG (#961 csp) Co-authored-by: nesquena-hermes --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f1a6ffb..49f2ff9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ ## v0.50.189 — 2026-04-24 +### Fixed +- **CSP: explicit `manifest-src 'self'` directive** — adds `manifest-src 'self'` to the `Content-Security-Policy` header. Browsers fall back to `default-src` when `manifest-src` is absent (functionally correct), but being explicit satisfies strict CSP audits and avoids browser-specific deviations. Includes regression test. (`api/helpers.py`, `tests/test_pwa_manifest_csp.py`) By @24601. [#961] + +## v0.50.189 — 2026-04-24 + ### Fixed - **CSP: explicit `manifest-src 'self'` directive** — adds `manifest-src 'self'` to the `Content-Security-Policy` header. Browsers fall back to `default-src` when `manifest-src` is absent (functionally correct), but the explicit directive satisfies strict CSP audits and avoids any browser-specific deviation. Includes regression test. (`api/helpers.py`, `tests/test_pwa_manifest_csp.py`) By @24601. [#961]
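Review bot: The five added lines in the `@@ -7,6 +7,11 @@` hunk create a second `## v0.50.189` heading with the same date, placed above the `### Fixed` entry for #961 that is already present as context, so the release is listed twice in CHANGELOG.md. The two bullets describe the same `manifest-src 'self'` change and differ only in wording ("being explicit ... browser-specific deviations" in the added bullet, "the explicit directive ... any browser-specific deviation" in the existing one). If the intent was to reword the entry, edit the existing bullet in place; otherwise drop the added lines, since the entry for this version already exists. Duplicate version headings also make the changelog ambiguous to read by version.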