# This file contains Content Security Policy (CSP) directives to test Wagtail's compatibility with CSP.
# If the variables defined here are loaded into the environment, CSP will be enabled.
# These values are commented out by default because Wagtail is not (yet) compatible with
# the strict policy defined below.
#
# Careful about the quoting of directives! It is easy to break.
# As the examples below show, each value is a comma-separated source list wrapped in
# double quotes. CSP keywords ('self', 'report-sample') keep their single quotes inside
# the double quotes; host sources (www.youtube.com) and scheme sources (blob:) are
# written without quotes. A keyword that loses its single quotes is read by the browser
# as a host name, so the source it was meant to allow is silently blocked.
# NOTE(review): presumably the settings that read these variables split each value on
# commas -- confirm against the loader before changing the separator.
#
# The policy is strict because neither script-src nor style-src lists 'unsafe-inline'
# or 'unsafe-eval': inline scripts and inline styles are blocked.
# NOTE(review): 'report-sample' only adds a sample of the blocked code to violation
# reports. No reporting endpoint (report-uri / report-to) is defined in this file, so it
# has no visible effect unless one is configured elsewhere -- confirm.

# CSP_DEFAULT_SRC="'self'"
# CSP_SCRIPT_SRC="'self', 'report-sample'"
# CSP_STYLE_SRC="'self', 'report-sample'"
# CSP_IMG_SRC="'self', blob:, i.ytimg.com, www.gravatar.com"
# CSP_CONNECT_SRC="'self', releases.wagtail.org"
# CSP_FRAME_SRC="'self', www.youtube.com"