Labels
security: A (potential) security problem
Description
The value of the `Content-Security-Policy` header we send can be improved. In `frontend/utils/contentSecurityPolicy.ts`, there are missing spaces in `scriptSrc` (which seem to block our Matomo scripts). Furthermore, we should look at the various `unsafe-` and `https:` directives, as they allow everything. On the other hand, the `strict-dynamic` directive overrides some of the other directives, so we should have a thorough look at what exactly we need.
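
The three concerns in the description (fused tokens, broad sources, and sources that `strict-dynamic` makes ineffective) can be checked mechanically against a header value. The following is an added example, not code from this repository: the function names and the sample policy are constructed for illustration and do not reflect the actual contents of `frontend/utils/contentSecurityPolicy.ts`.

```typescript
// Added example, not the project's code. The sample policy is constructed.
type Kind = "malformed" | "ignored" | "broad";
interface Finding { token: string; kind: Kind; note: string }

const QUOTED = /^'[^']+'$/;              // keyword, nonce or hash source
const SCHEME = /^[a-z][a-z0-9+.-]*:$/i;  // scheme-source such as https:

function scriptSrcTokens(policy: string): string[] {
  // A browser honours only the first occurrence of a directive in a policy.
  for (const directive of policy.split(";")) {
    const parts = directive.trim().split(/\s+/);
    const name = parts[0] || "";
    if (name.toLowerCase() === "script-src") return parts.slice(1);
  }
  return [];
}

function lintScriptSrc(policy: string): Finding[] {
  const tokens = scriptSrcTokens(policy);
  const strict = tokens.some((t) => t.toLowerCase() === "'strict-dynamic'");
  const findings: Finding[] = [];
  for (const token of tokens) {
    const t = token.toLowerCase();
    if (t.indexOf("'") !== -1 && !QUOTED.test(t)) {
      // Two expressions written without a space form one invalid token.
      findings.push({ token, kind: "malformed",
        note: "not a valid source expression (missing space?); browsers skip it" });
    } else if (strict && (t === "'self'" || t === "'unsafe-inline'" || !QUOTED.test(t))) {
      // CSP Level 3: host, scheme, 'self' and 'unsafe-inline' sources do not
      // apply to scripts when 'strict-dynamic' is present.
      findings.push({ token, kind: "ignored",
        note: "has no effect for scripts while 'strict-dynamic' is present" });
    } else if (t === "'unsafe-inline'" || t === "'unsafe-eval'" || t === "*" || SCHEME.test(t)) {
      findings.push({ token, kind: "broad",
        note: "allows a whole class of scripts; check whether it is needed" });
    }
  }
  return findings;
}

// Constructed sample: 'self' and 'unsafe-inline' are fused by a missing space.
const SAMPLE = "default-src 'self'; script-src 'self''unsafe-inline' 'unsafe-eval' " +
  "https: 'strict-dynamic' 'nonce-PLACEHOLDER'";
for (const f of lintScriptSrc(SAMPLE)) console.log(f.kind, f.token, "-", f.note);
```

Note that `'unsafe-eval'` is still reported as broad under `strict-dynamic`, because `strict-dynamic` does not disable it.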