add more sources to allow list

[alisaduncan]

I think this is how it works??

[netlify]

✅ Deploy Preview for okta-blog ready!

Name	Link
🔨 Latest commit	2c4cfbb
🔍 Latest deploy log	https://app.netlify.com/sites/okta-blog/deploys/62c480ba7b947d0009542f0a
😎 Deploy Preview	https://deploy-preview-1206--okta-blog.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[bdemers]

I'd say ship it, but we should open an issue to address a few potential issues with this header in general.

• It's a long string and hard to diff.
• Individual posts shouldn't need to globally change the policy.
• Having individual posts copy/edit the CSP is likely error prone.

For the first one, switching to a netlify.toml might work as we could do something like:

[[headers]]
  for = "/*"
  [headers.values]
	Content-Security-Policy = '''
	upgrade-insecure-requests; 
        default-src 'self' https://app.netlify.com https://devforum.okta.com ...'''

NOTE: Per this issue this cannot be done with a _headers as that would result in an extra comma getting added to the header and making it invalid.

Longer-term maybe we could write a Jekyll plugin to write the _headers file, and have it add additional entries based on a front matter property, e.g. csp-img-src: [https://coolpics.example.com]

Again, all this might be overcomplicating the issue, and those improvements probably shouldn't block your post