Describe the solution you'd like

The current Content Security Policy is hardcoded, but not all deployments have the same requirements. It would be helpful to allow customizing the CSP, for example, from an ini file.