Add settings for enabling CSP to config file (#2134)

* add enabling csp to config file

* comment out report URI to avoid breaking self-hosted

Author: hubertdeng123

sentry/sentry.conf.example.py

@@ -306,3 +306,16 @@ def get_internal_network():
 
 if OPENAI_API_KEY:
   SENTRY_FEATURES["organizations:open-ai-suggestion"] = True
+
+##############################################
+# Content Security Policy settings
+##############################################
+
+if "csp.middleware.CSPMiddleware" not in MIDDLEWARE:
+    MIDDLEWARE = ("csp.middleware.CSPMiddleware",) + MIDDLEWARE
+# CSP_REPORT_URI = "https://{your-sentry-installation}/api/{csp-project}/security/?sentry_key={sentry-key}"
+CSP_REPORT_ONLY = True
+
+# optional extra permissions
+# https://django-csp.readthedocs.io/en/latest/configuration.html
+# CSP_SCRIPT_SRC += ["example.com"]