Rails 7/Turbo content_security_policy (CSP) setup?

Has anyone set up their content_security_policy policies for Rails/Turbo projects?

I had to disable my script-src and default-src because it was causing issues with my project.

```
Rails.application.configure do
  config.content_security_policy do |policy|
    # TODO: fix this...
    #policy.default_src      :none
    policy.base_uri         :self
    policy.connect_src      :self, :https
    policy.form_action      :self
    policy.font_src         :self, :https, :data
    policy.img_src          :self, :https, :data
    policy.object_src       :none
    #policy.script_src       :self, :https, :unsafe_eval
    policy.style_src        :self, :https, :unsafe_inline
    policy.frame_ancestors  :none
    # Specify URI for violation reports
    # policy.report_uri "/csp-violation-report-endpoint"
  end
  ...
end
```

Would love to get it back to this but unsure exactly how:

```
Rails.application.configure do
  config.content_security_policy do |policy|
    policy.default_src      :none
    policy.base_uri         :self
    policy.connect_src      :self, :https
    policy.form_action      :self
    policy.font_src         :self, :https, :data
    policy.img_src          :self, :https, :data
    policy.object_src       :none
    policy.script_src       :self, :https
    policy.style_src        :self, :https
    policy.frame_ancestors  :none
    # Specify URI for violation reports
    # policy.report_uri "/csp-violation-report-endpoint"
  end
  ...
end
```

Curious if anyone has gone through it and has recommendations.
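An added example to go with the question (my own plain-Ruby script, not code from the post above and not part of Rails): a small checker for the `Content-Security-Policy` header the app actually sends, which you can paste the output of `curl -sI` into. It applies the browser's fallback rule for scripts, which is the security point behind the commented-out lines: when `script-src` is absent the browser falls back to `default-src`, and when that is absent too there is no restriction on script sources, inline scripts or `eval` at all. Both sample headers in the script are constructed by me; the first is what I believe the current (commented-out) config emits, the second is a nonce-based target with a made-up nonce value.

```ruby
# Added example, not code from the original post or from Rails itself: a small
# checker in plain Ruby for the Content-Security-Policy header a Rails app
# actually emits. It applies the browser's fallback rule for scripts: if
# script-src is absent the browser consults default-src, and if that is absent
# too, scripts are unrestricted. Both sample headers below are constructed;
# the first is what the post's current (commented-out) configuration would
# produce, the second is a nonce-based target policy with a made-up nonce.

# Parse "name src src; name src" into { "name" => ["src", "src"], ... }.
def parse_csp(header)
  header.split(";").each_with_object({}) do |directive, acc|
    tokens = directive.strip.split(/\s+/)
    next if tokens.empty?
    acc[tokens.shift.downcase] = tokens
  end
end

# Sources that actually govern script execution, after fallback to default-src.
def effective_script_sources(policy)
  policy["script-src"] || policy["default-src"]
end

# Return { failures: [...], warnings: [...] } describing the script policy.
def audit_script_policy(header)
  sources = effective_script_sources(parse_csp(header))
  failures, warnings = [], []

  if sources.nil?
    failures << "no script-src and no default-src: any origin, inline and eval are all allowed"
    return { failures: failures, warnings: warnings }
  end

  nonce = sources.find { |s| s.start_with?("'nonce-") }
  has_hash = sources.any? { |s| s.start_with?("'sha256-", "'sha384-", "'sha512-") }

  failures << "'unsafe-eval' permits eval/new Function" if sources.include?("'unsafe-eval'")
  if sources.include?("'unsafe-inline'") && !nonce && !has_hash
    failures << "'unsafe-inline' without a nonce or hash permits injected inline scripts"
  end
  warnings << "'https:' allows scripts from every HTTPS origin" if sources.include?("https:")
  if !nonce && !has_hash && !sources.include?("'unsafe-inline'")
    warnings << "no nonce/hash: inline <script> tags (importmap, Turbo helpers) will be blocked"
  end

  { failures: failures, warnings: warnings }
end

# True when the script policy has no failures; warnings are left to judgement.
def strict_script_policy?(header)
  audit_script_policy(header)[:failures].empty?
end

# Constructed sample 1: the header the post's current config emits
# (Rails renders :self as 'self', :https as https:, :none as 'none', etc.).
WEAKENED_HEADER = "base-uri 'self'; connect-src 'self' https:; form-action 'self'; " \
                  "font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; " \
                  "style-src 'self' https: 'unsafe-inline'; frame-ancestors 'none'"

# Constructed sample 2: a nonce-based policy (the nonce value is made up; in
# Rails it is generated per request by content_security_policy_nonce_generator).
NONCE_HEADER = "default-src 'none'; base-uri 'self'; connect-src 'self'; form-action 'self'; " \
               "font-src 'self' data:; img-src 'self' data:; object-src 'none'; " \
               "script-src 'self' 'nonce-dGVzdG5vbmNl'; style-src 'self'; frame-ancestors 'none'"

if $PROGRAM_NAME == __FILE__
  { "current (weakened)" => WEAKENED_HEADER, "nonce-based target" => NONCE_HEADER }.each do |label, header|
    result = audit_script_policy(header)
    puts "#{label}: #{strict_script_policy?(header) ? 'OK' : 'FAIL'}"
    result[:failures].each { |f| puts "  failure: #{f}" }
    result[:warnings].each { |w| puts "  warning: #{w}" }
  end
end
```

The way to get back to `script_src :self` without `:unsafe_inline` or `:unsafe_eval` is the nonce route the Rails initializer already hints at: set `config.content_security_policy_nonce_generator` (e.g. a lambda returning `SecureRandom.base64(16)` per request) and `config.content_security_policy_nonce_directives = %w(script-src)`, put `csp_meta_tag` in the layout head, and pass `nonce: true` to `javascript_tag` / `javascript_include_tag` so the inline and importmap scripts carry the nonce. As far as I know, Turbo reads the same `csp-nonce` meta tag for the scripts it injects itself. Run the checker against the header after each change; it should move from the "no script-src and no default-src" failure to a clean result with only the warnings you have consciously accepted.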