
[Cashtab] Add CSP report only header
ClosedPublic

Authored by bytesofman on Jan 5 2024, 23:15.

Details

Reviewers
PiRK
Group Reviewers
Restricted Project
Commits
rABC8808f0c06470: [Cashtab] Add CSP report only header
Summary

T3395

Adding a Content-Security-Policy-Report-Only header. This will return error msgs if anything about the CSP is breaking the app. Will deploy this first, check it out, then deploy CSP.

Would be nice to have a more strict CSP. We need these settings to support sideshift integration as a script. Also, unsafe-inline is necessary for standard react app functionality (though I believe it's possible to get around this by changing the build script).

For now, any CSP is still better than none.

Test Plan
cd web/cashtab
docker build -t cashtab_local .
docker run --rm -p 8080:80 --name cashtab cashtab_local

In another terminal,

curl -I http://localhost:8080

Can also deploy to netlify with these headers (need to follow their guide), then confirm you get no error log msgs

Note: Since this diff is only adding logs, there is no change as long as nginx.conf still passes nginx -t
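The Report-Only header from the summary and the `curl -I` check from the test plan, as an added Python example that is not part of this diff: it parses a raw response, says whether the policy is report-only or enforced, and flags weak source expressions such as 'unsafe-inline' so you can see what a later enforcing header would block. The sample response and its policy text are constructed placeholders, not the header this diff adds to nginx.conf.

```python
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
NO_ENDPOINT = "no report-uri or report-to: violations only show in the browser console"

# Constructed sample of a `curl -I http://localhost:8080` response; the policy
# text is an assumed placeholder, not the one the diff adds to nginx.conf.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\n"
    "Content-Security-Policy-Report-Only: default-src 'self'; "
    "script-src 'self' 'unsafe-inline' https://third-party.example; "
    "style-src 'self' 'unsafe-inline'; report-uri /csp-report\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n"
)

def parse_headers(raw: str) -> dict[str, list[str]]:
    """Map lower-cased header names to their values; skips the status line."""
    headers: dict[str, list[str]] = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_csp(policy: str) -> dict[str, list[str]]:
    """Split 'dir src src; dir2 src' into directives; a repeated directive is ignored, as browsers do."""
    directives: dict[str, list[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def audit(raw: str) -> dict:
    """Report whether CSP is enforced or report-only and which directives carry weak sources."""
    headers = parse_headers(raw)
    enforced = headers.get("content-security-policy", [])
    report_only = headers.get("content-security-policy-report-only", [])
    mode = "enforced" if enforced else "report-only" if report_only else "none"
    findings = []
    for policy in enforced + report_only:
        directives = parse_csp(policy)
        for name, sources in directives.items():
            weak = sorted(WEAK_SOURCES & {s.lower() for s in sources})
            if weak:
                findings.append((name, weak))
        if not {"report-uri", "report-to"} & directives.keys():
            findings.append(("reporting", [NO_ENDPOINT]))
    return {"mode": mode, "findings": findings}
```

Feed the real `curl -I` output to `audit()` to confirm the deployed header is still report-only and to list the directives that would need tightening before switching to the enforcing header.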

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable