[Cashtab] Add CSP report only header
Summary:
T3395
Adding a Content-Security-Policy-Report-Only header. This will return error msgs if anything about the CSP is breaking the app. Will deploy this first, check it out, then deploy CSP.
Would be nice to have a more strict CSP. We need these settings to support sideshift integration as a script. Also, unsafe-inline is necessary for standard react app functionality (though I believe it's possible to get around this by changing the build script).
For now, any CSP is still better than none.
Test Plan:
cd web/cashtab
docker build -t cashtab_local .
docker run --rm -p 8080:80 --name cashtab cashtab_local
In another terminal,
curl -I http://localhost:8080
Can also deploy to netlify with these headers (need to follow their guide), then confirm you get no error log msgs
Note: Since this diff is only adding logs, there is no change as long as nginx.conf still passes nginx -t
Reviewers: #bitcoin_abc, PiRK
Reviewed By: #bitcoin_abc, PiRK
Differential Revision: https://reviews.bitcoinabc.org/D15106