Fix CSP error (#60)

* add netlify domain to frame-src

* add domain to default src

* add netlify to script src

* fix script src

* add blob

* allow camera and microphone

* format header file

* update comments

* keep csp only

* revert format

* netlify.app

* add cross domain

Author: jojozhuang

src/_headers

@@ -1,7 +1,9 @@
 /*
-  X-Frame-Options: DENY
-  X-XSS-Protection: 1; mode=block
+  X-Frame-Options: SAMEORIGIN
   X-Content-Type-Options: nosniff
   Referrer-Policy: strict-origin-when-cross-origin
-  Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
-  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://api.github.com/
+  Cross-Origin-Resource-Policy: cross-origin
+  Cross-Origin-Embedder-Policy: require-corp
+  Cross-Origin-Opener-Policy: same-origin
+  Permissions-Policy: accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(self), payment=(), usb=()
+  Content-Security-Policy: default-src 'self' https://*.netlify.com https://*.netlify.app; script-src 'self' blob: https://*.netlify.com https://*.netlify.app 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://api.github.com/