Add CSP headers

next.config.js

@@ -1,5 +1,16 @@
 const { RetryChunkLoadPlugin } = require("webpack-retry-chunk-load-plugin");
 
+const self = "'self' https://*.replay.io wss://*.replay.io";
+const csp = `
+  frame-ancestors ${self};
+  default-src ${self};
+  style-src ${self} 'unsafe-inline';
+  script-src ${self} 'unsafe-eval' data: blob: https://*.stripe.com https://*.lr-ingest.io https://*.intercom.io https://*.intercomcdn.com https://*.launchdarkly.com;
+  connect-src ${self} https://webreplay.us.auth0.com https://*.launchdarkly.com/ https://*.stripe.com https://*.intercom.io wss://*.intercom.io;
+  img-src ${self} https: data:;
+  frame-src ${self} https://webreplay.us.auth0.com https://*.stripe.com;
+`;
+
 module.exports = {
   productionBrowserSourceMaps: true,
 
@@ -14,7 +25,7 @@ module.exports = {
           },
           {
             key: "Content-Security-Policy",
-            value: "frame-ancestors 'self' https://*.replay.io/",
+            value: csp.split("\n").join(""),
           },
         ],
       },