Description
The header below should be present as the CSP response header.
DEV env
default-src 'none'; script-src https://cdn.segment.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; img-src data: 'self'; base-uri 'self'; font-src https://at.alicdn.com https://maxcdn.bootstrapcdn.com 'self'; frame-src https://accounts-auth0.topcoder-dev.com; connect-src https://api.topcoder-dev.com https://cdn.jsdelivr.net 'self'; form-action 'self'; frame-ancestors 'none'; plugin-types 'none';
PROD env
default-src 'none'; script-src https://cdn.segment.com https://cdn.heapanalytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; img-src data: https://heapanalytics.com 'self'; base-uri 'self'; font-src https://at.alicdn.com https://maxcdn.bootstrapcdn.com 'self'; frame-src https://accounts-auth0.topcoder.com; connect-src https://api.topcoder.com https://cdn.jsdelivr.net https://api.segment.io/ https://cdn.segment.com/ 'self'; form-action 'self'; frame-ancestors 'none'; plugin-types 'none';
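One way to check a deployed response against the DEV policy listed above, as an added example that is not part of the original ticket or the project's code. The function names `parseCsp` and `diffCsp` and the sample response value are assumptions made for illustration.

```javascript
// Expected DEV policy, copied from the ticket above.
const EXPECTED_DEV = [
  "default-src 'none'",
  "script-src https://cdn.segment.com 'self' 'unsafe-inline' 'unsafe-eval'",
  "style-src https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'",
  "img-src data: 'self'",
  "base-uri 'self'",
  "font-src https://at.alicdn.com https://maxcdn.bootstrapcdn.com 'self'",
  "frame-src https://accounts-auth0.topcoder-dev.com",
  "connect-src https://api.topcoder-dev.com https://cdn.jsdelivr.net 'self'",
  "form-action 'self'",
  "frame-ancestors 'none'",
  "plugin-types 'none'",
].join('; ');

// Parse a CSP header value into Map<directive, Set<source expression>>.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (!name) continue; // empty segment, e.g. after a trailing ';'
    const key = name.toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (!policy.has(key)) policy.set(key, new Set(sources));
  }
  return policy;
}

// List every difference; directive order and source order do not matter.
// Source expressions are compared as exact strings (a simplification).
function diffCsp(expectedHeader, actualHeader) {
  const expected = parseCsp(expectedHeader);
  const actual = parseCsp(actualHeader);
  const problems = [];
  for (const [name, want] of expected) {
    const got = actual.get(name);
    if (!got) { problems.push(`missing directive ${name}`); continue; }
    for (const s of want) if (!got.has(s)) problems.push(`${name}: missing ${s}`);
    for (const s of got) if (!want.has(s)) problems.push(`${name}: unexpected ${s}`);
  }
  for (const name of actual.keys()) if (!expected.has(name)) problems.push(`unexpected directive ${name}`);
  return problems;
}

// Constructed sample: a PROD-only host appears in DEV and frame-ancestors is gone.
const SAMPLE_ACTUAL = EXPECTED_DEV
  .replace("script-src ", "script-src https://cdn.heapanalytics.com ")
  .replace("; frame-ancestors 'none'", "");
console.log(diffCsp(EXPECTED_DEV, SAMPLE_ACTUAL));
```

In a deployment check, the second argument would be the `Content-Security-Policy` value read from the live response, and a non-empty result would fail the check.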