fix: add connect img and frame csp directives (#2910)

fix: revert csp tag in developer index.html (#2910)

.storybook/post-process-index-file.js

@@ -53,14 +53,15 @@ function addCspTag(filePath) {
   // const styleEndMatch = '</style>';
   // readHashesForMatch(htmlDocument, styleMatch, styleEndMatch, styleHashes);
 
-  const cspTag = `<meta
-  http-equiv="Content-Security-Policy"
-  content="script-src-elem  'strict-dynamic' 'report-sample' ${hashes.join(
-    ' '
-  )} 'self';style-src 'report-sample' 'unsafe-inline' ${styleHashes.join(
-    ' '
-  )} 'self';font-src static2.sharepointonline.com 'self';default-src 'self'; base-uri 'self'; upgrade-insecure-requests; form-action 'self';report-to https://csp.microsoft.com/report/MGT-Playground"
-/>`;
+  const cspTag = `
+  <meta
+    http-equiv="Content-Security-Policy"
+    content="script-src-elem  'strict-dynamic' 'report-sample' ${hashes.join(
+      ' '
+    )} 'self';style-src 'report-sample' 'unsafe-inline' ${styleHashes.join(
+      ' '
+    )} 'self';font-src static2.sharepointonline.com 'self';connect-src https://cdn.graph.office.net https://login.microsoftonline.com https://graph.microsoft.com https://mgt.dev 'self';img-src data: https: 'self';frame-src https://login.microsoftonline.com 'self';default-src 'self'; base-uri 'self'; upgrade-insecure-requests; form-action 'self';report-to https://csp.microsoft.com/report/MGT-Playground"
+  />`;
   const updatedHtmlDocument = htmlDocument.replace(
     /<head>/,
     `<head>

index.html

@@ -4,7 +4,6 @@
     <meta charset="utf-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
     <title>Microsoft Graph Toolkit Test</title>
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
     <meta name="viewport" content="width=device-width, initial-scale=1" />
 
     <link href="https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.min.css" rel="stylesheet" />