The sample gateway CSP is valid for a production environment only. The following is an example of a CSP for the gateway test environment.
<meta http-equiv="Content-Security-Policy" content="
style-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com 'unsafe-inline';
frame-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com https://test.ppipe.net https://test.oppwa.com/;
script-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com 'nonce-${nonce}';
connect-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com;
img-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com;
">