Fix CSP so that the policy can be enforced and not just report only

[dalelane]

The CSP policy currently used is not correct.

taxinomitis/src/lib/restapi/config.ts

Lines 43 to 90 in 3d32953

	export const CSP_DIRECTIVES = {
	defaultSrc: ["'self'", "'unsafe-inline'",
	'http://cdn.auth0.com',
	'https://cdn.auth0.com',
	'https://cdn.eu.auth0.com',
	'https://unpkg.com',
	'https://storage.googleapis.com',
	'https://www.google-analytics.com',
	],
	styleSrc: ["'self'", "'unsafe-inline'",
	'https://ton.twimg.com',
	'https://platform.twitter.com',
	],
	scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'",
	'http://cdn.auth0.com',
	'https://cdn.auth0.com',
	'https://cdn.eu.auth0.com',
	'https://unpkg.com',
	'https://storage.googleapis.com',
	'http://embed-assets.wakelet.com',
	'http://platform.twitter.com',
	'https://cdn.syndication.twimg.com',
	'https://www.youtube.com',
	'https://player.vimeo.com',
	'https://www.google-analytics.com',
	'https://www.googletagmanager.com',
	'https://browser.sentry-cdn.com',
	'https://d3js.org',
	],
	frameSrc: ["'self'",
	'http://embed.wakelet.com',
	'https://syndication.twitter.com',
	'https://platform.twitter.com',
	'https://www.youtube.com',
	'https://player.vimeo.com'
	],
	imgSrc: ["'self'",
	'https://auth0.com',
	'http://cdn.auth0.com',
	'https://cdn.auth0.com',
	'https://cdn.eu.auth0.com',
	'https://pbs.twimg.com',
	'https://ton.twimg.com',
	'https://platform.twitter.com',
	'https://syndication.twitter.com',
	'data:',
	],
	};

This was brought to light after a recent version update of the helmet module. To avoid breakages, the CSP was switched to report-only as a temporary workaround.

taxinomitis/src/lib/restapi/index.ts

Lines 42 to 44 in e665e30

	contentSecurityPolicy: {
	// TODO : https://github.com/IBM/taxinomitis/issues/346 will remove this
	reportOnly : true,

The CSP needs to be fixed so that the enforcement can be re-enabled.

[dalelane]

taxinomitis/src/lib/restapi/config.ts

Lines 52 to 54 in e665e30

	styleSrc: ["'self'",
	// TODO : https://github.com/IBM/taxinomitis/issues/346 should remove this
	"'unsafe-inline'",

[dalelane]

taxinomitis/src/lib/restapi/config.ts

Lines 59 to 62 in e665e30

	scriptSrc: ["'self'",
	// TODO : https://github.com/IBM/taxinomitis/issues/346 should investigate these
	"'unsafe-eval'",
	"'unsafe-inline'",

[dalelane]

Some of the errors that these are hiding are from angular - see https://docs.angularjs.org/api/ng/directive/ngCsp for details