Make static website CSP more permissive
Following !1312 (merged) and some testing I decided to make it more permissive.
This doesn't provide the best security admittedly but the documentation website is a static website with no user sessions. The numerous marketing third-parties make it very difficult to have an allowlist of domain names because they load many dynamic dependencies that we can't really predict. This is a problem that a nonce
and strict-dynamic
solves, but we can't use that on a static website.
Fixes #850
Edited by Dominic Couture