Work with a restrictive CSP policy

Currently, Atlas doesn't play nice with CSP, because it embeds css and javascript inside the html code, instead of putting them into dedicated files.

The usage of CSP would make exploitation of (potential) XSS harder.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information