Allow UNPKG in CSP

thallium-backend/src/app.py

@@ -42,7 +42,8 @@ async def add_process_time_and_security_headers(
  response.headers["Strict-Transport-Security"] = "max-age=31536000"
  response.headers["X-Content-Type-Options"] = "nosniff"
  response.headers["Content-Security-Policy"] = (
- "default-src 'self'; script-src 'unsafe-inline' https://cdn.jsdelivr.net/;"
+ "default-src 'self';"
+ " script-src 'unsafe-inline' https://cdn.jsdelivr.net/ https://unpkg.com/;"
  " style-src https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;"
  " img-src 'self' data:;"
  )