fix(csp): Update policy for FA and remove optimizely

server/middlewares/csp.js

@@ -23,8 +23,7 @@ export default function csp() {
     directives: {
       defaultSrc: trusted.concat([
         'https://*.cloudflare.com',
-        '*.cloudflare.com',
-        'https://*.optimizely.com'
+        '*.cloudflare.com'
       ]),
       connectSrc: trusted.concat([
         'https://glitch.com',
@@ -47,8 +46,7 @@ export default function csp() {
         '*.twimg.com',
         'https://*.twimg.com',
         '*.youtube.com',
-        '*.ytimg.com',
-        'https://*.optimizely.com'
+        '*.ytimg.com'
       ].concat(trusted),
       styleSrc: [
         "'unsafe-inline'",
@@ -58,7 +56,6 @@ export default function csp() {
         'https://*.bootstrapcdn.com',
         '*.cloudflare.com',
         'https://*.cloudflare.com',
-        'https://*.optimizely.com',
         'https://use.fontawesome.com'
       ].concat(trusted),
       fontSrc: [
@@ -67,8 +64,7 @@ export default function csp() {
         '*.bootstrapcdn.com',
         '*.googleapis.com',
         '*.gstatic.com',
-        'https://*.bootstrapcdn.com',
-        'https://*.optimizely.com'
+        'https://*.bootstrapcdn.com'
       ].concat(trusted),
       imgSrc: [
         // allow all input since we have user submitted images for