Add Content Security Policy for 2.3.5

[andrewkett]

After upgrading to 2.3.5 the following errors are logged in the browser console

[Report Only] Refused to load the script 'https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=' because it violates the following Content Security Policy directive:

[Report Only] Refused to load the script 'https://fast.a.klaviyo.com/media/js/analytics/klaviyo_analytics.js?v=5' because it violates the following Content Security Policy directive: 

[Report Only] Refused to connect to 'https://fast.a.klaviyo.com/onsite/api/v2/modules?company_id=' because it violates the following Content Security Policy directive: 

This is caused by a new module in 2.3.5 module-csp and can be resolved by adding Klaviyo domains to the Content Security Policy in a csp_whitelist.xml file. See https://devdocs.magento.com/guides/v2.3/extension-dev-guide/security/content-security-policies.html

[remstone7]

Thank you for bringing this up, we will resolve this!

[njparadis]

Addressed here: https://github.com/klaviyo/magento2-klaviyo/pull/71 Will be packaged in v1.1.11