You can edit the contents of your CSP text files. A CSP external resource is a text file with lines for each directive (name-values). The text file must be encoded in UTF-8.
If your style-src and script-src keywords do not include the 'unsafe-inline' value, you must add a nonce attribute (represented by the replacement variable %{nonce_hdr}%
To edit a CSP text file, open the settings of your Web Page:
And select your Content Security Policy:
For example, this CSP only allows my app domain, Google Analytics and APIs:
After you have applied the CSP, you need to save and recompile your web page. When you run your web page, the contents of your CSP external resource file are sent as HTTP headers.
