I linked to externally hosted images (which should remain external, such as Giphy or xkcd) and had to amend the global CSP allowlist. Ideally, we shouldn't have to do so. Furthermore, the policy is already very long, and continuing to add to this string will make it even more difficult to maintain.
@bdemers had a few ideas/suggestions and recorded them in my PR #1206. Linking his comments here so we can evaluate options to improve this process.
#1206 (review)