Change Details

Adding a Content-Security-Policy-Report-Only header. This will return error msgs if anything about the CSP is breaking the app. Will deploy this first, check it out, then deploy CSP. Would be nice to have a more strict CSP. We need these settings to support sideshift integration as as a script. Also, `unsafe-inline` is necessary for standard react app functionality (though I believe it's possible to get around this by changing the build script). For now, any CSP is still better than none.

T3395 Adding a Content-Security-Policy-Report-Only header. This will return error msgs if anything about the CSP is breaking the app. Will deploy this first, check it out, then deploy CSP. Would be nice to have a more strict CSP. We need these settings to support sideshift integration as as a script. Also, `unsafe-inline` is necessary for standard react app functionality (though I believe it's possible to get around this by changing the build script). For now, any CSP is still better than none.

T3395 Adding a Content-Security-Policy-Report-Only header. This will return error msgs if anything about the CSP is breaking the app. Will deploy this first, check it out, then deploy CSP. Would be nice to have a more strict CSP. We need these settings to support sideshift integration as as a script. Also, `unsafe-inline` is necessary for standard react app functionality (though I believe it's possible to get around this by changing the build script). For now, any CSP is still better than none.