What are the Content Security Policy requirements?

Which product are you using?
Evaluating whether PDF.js Express Plus is suitable

PDF.js Express Version

N/A

Detailed description of issue
Before we commit to using PDF.js Express Plus we need to know what the required Content Security Policy rules are. We have strict policy requirements and cannot allow unsafe-inline or unsafe-eval. Are you able to let me know what the required rules are? Thanks!

Expected behaviour
N/A

Does your issue happen with every document, or just one?
N/A

Link to document
N/A

Code snippet
N/A