Show allowing websocket connections

[nathanl]

It's not easy to find good documentation on allowing web sockets. https://outlandish.com/blog/configure-content-security-policy-with-websockets-and-express/ claims you need the domain, but connect-src 'self' ws: wss: seems to be working for me.

[rugk]

Well there is certainly somewhat of doc findable: https://stackoverflow.com/questions/32986074/content-security-policy-meta-tag-for-allowing-web-socket#41389590

However, I agree it may be a good idea to add a proper doc here.

[rugk]

Though it's kinda already mentioned: https://content-security-policy.com/connect-src/