Rework a CSP header implementation and make the configuration more flexible

Description

For this ticket, we need to rework the Content Security Policy (CSP) header implementation to make its configuration more flexible. Currently, the CSP header is configured with predefined external domains. However, in the SELV implementation, PowerBI (an external resource not listed in the CSP header) was being used, causing the CSP to block access to it entirely.

To prevent situations like this, we need a solution that enables accurate CSP header configuration for each implementation. For example, we could have a list of allowed domains in the .env file, which can then be mapped and applied dynamically in the CSP configuration.

NOTE: The solution for this issue is not yet determined. In the scope of this ticket, we need to conduct research and come up with the best approach to handle this flexibility in the CSP configuration.
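One possible shape for the .env-driven idea mentioned above, shown as an added example rather than the project's code or a decided solution. The variable name `CSP_ALLOWED_DOMAINS`, the baseline directives, the choice of which directives receive the extra domains, and the sample domain values are all assumptions. Entries are validated before they reach the header, so a typo or an over-broad value in the environment fails at startup instead of silently weakening the policy.

```javascript
// Added example: build a CSP header from a comma-separated allowlist, e.g.
//   CSP_ALLOWED_DOMAINS=https://app.powerbi.com, https://*.example.org   (constructed sample)

// Baseline policy that every implementation gets (assumed values).
const BASELINE = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],
  'frame-src': ["'self'"],
  'connect-src': ["'self'"],
};
// Directives that receive the per-implementation domains (assumption).
const EXTENSIBLE = ['script-src', 'frame-src', 'connect-src'];

// Only https host sources, optionally with one leading "*." label and a port.
// Bare "*", scheme-only sources ("https:", "data:") and keywords such as
// 'unsafe-inline' do not match, and neither does anything containing ";" or
// spaces, so an entry cannot smuggle in a second directive.
const HOST_SOURCE =
  /^https:\/\/(\*\.)?([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(:\d{1,5})?$/;

function parseAllowedDomains(raw) {
  const sources = new Set(); // de-duplicates while keeping insertion order
  for (const entry of (raw || '').split(',')) {
    const source = entry.trim().toLowerCase();
    if (!source) continue; // tolerate trailing commas and an unset variable
    if (!HOST_SOURCE.test(source)) {
      // Fail closed: refuse to start with a policy nobody reviewed.
      throw new Error(`Rejected CSP source "${source}"`);
    }
    sources.add(source);
  }
  return [...sources];
}

function buildCsp(raw) {
  const extra = parseAllowedDomains(raw);
  return Object.entries(BASELINE)
    .map(([directive, sources]) => {
      const all = EXTENSIBLE.includes(directive) ? [...sources, ...extra] : sources;
      return `${directive} ${all.join(' ')}`;
    })
    .join('; ');
}

// Typical use in a Node-based server or build step:
//   res.setHeader('Content-Security-Policy', buildCsp(process.env.CSP_ALLOWED_DOMAINS));
```
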

Activity

Oliver Lewandowski January 24, 2025 at 11:06 AM

Unresolved
Details

Created November 14, 2024 at 12:25 PM
Updated January 27, 2025 at 11:42 AM