addAllowedImageDomain('*'); if ($this->config->getSystemValueBool('debug')) { // Unblock HMR requests. $csp->addAllowedConnectDomain('*'); $csp->addAllowedScriptDomain('*'); } $response = new TemplateResponse(Application::APP_ID, 'main'); $response->setContentSecurityPolicy($csp); return $response; } }