Description
1. The header below should be present as the response CSP header:
```
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://cdn.segment.com https://static.fs.topcoder.com https://static.filestackapi.com; style-src 'self' 'unsafe-inline' https://static.fs.topcoder.com https://fonts.googleapis.com; img-src * 'self' https://community-app.topcoder-dev.com https://www.google.co.in/ads/ga-audiences https://www.google.com/ads/ga-audiences https://static.fs.topcoder.com blob: data:; frame-src 'self' https://accounts-auth0.topcoder-dev.com/; connect-src 'self' https://topcoder-dev-media.s3.amazonaws.com https://cdn.contentful.com/ https://api.topcoder-dev.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cloud.fs.topcoder.com https://upload.fs.topcoder.com https://submission-staging-dev.s3.amazonaws.com blob:; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'
```
This is for DEV env
Note: Apart from the above CSP header, all the functionalities should be working fine, and the browser console could be monitored during QA to identify any occurring issues.