Customize the Content Security Policy for apps
Admins can now customize the Content Security Policy (CSP) that Retool enforces on apps. Retool applies a strict default policy that restricts which origins an app can load scripts, fonts, images, and other resources from. You can now extend that policy org-wide to allow the additional origins your apps need, or tighten the defaults further.
For example, if custom JavaScript in an app loads a charting library from a CDN such as https://cdn.example.com, the default script-src 'self' policy blocks the script and the app fails to render it. You can now add that origin to script-src so the app can load it without loosening the policy for any other resource.
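The behaviour described above, as an added example that is not Retool's code: a simplified CSP source matcher showing that the CDN script is blocked under script-src 'self', allowed once the origin is added to script-src, and still blocked for images. The app origin https://apps.example.org and the default-src and img-src parts of both policies are constructed assumptions.

```javascript
// Simplified CSP source matching for fetch directives (added example).
// Paths, nonces, hashes and redirects are out of scope.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // First occurrence of a directive wins; later duplicates are ignored.
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// True if one source expression matches the URL (scheme, host, port only).
function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === selfOrigin;
  if (s === "*") return url.protocol === "https:" || url.protocol === "http:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. https:
  if (s.startsWith("'")) return false; // 'none' and unsupported keywords
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // Simplification: a scheme-less source is matched against the app's scheme.
  const wantScheme = scheme ? scheme + ":" : new URL(selfOrigin).protocol;
  if (url.protocol !== wantScheme) return false;
  const urlPort = url.port || (url.protocol === "https:" ? "443" : "80");
  if (!port && url.port !== "") return false; // no port listed: default only
  if (port && port !== "*" && port !== urlPort) return false;
  // "*.example.com" matches subdomains but not example.com itself.
  if (host.startsWith("*.")) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

// Fetch directives such as script-src fall back to default-src when absent.
function isAllowed(policy, directive, rawUrl, selfOrigin) {
  const d = parseCsp(policy);
  const sources = d[directive] ?? d["default-src"];
  if (!sources) return true; // nothing governs this resource type
  const url = new URL(rawUrl);
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Constructed values: the app origin and everything except script-src 'self'.
const SELF = "https://apps.example.org";
const DEFAULT_POLICY = "default-src 'self'; script-src 'self'; img-src 'self'";
const EXTENDED_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com; img-src 'self'";
const CDN_SCRIPT = "https://cdn.example.com/chart.js";
```

Listing the full origin with its scheme, rather than a wildcard or a scheme-only source such as https:, keeps the extension limited to the one host the app needs.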
Custom CSP rules apply only to apps built in the app builder. They do not apply to classic apps.
Configure rules in Settings > App security > Content Security Policy. Changes apply to every app in your organization and are recorded in your audit logs.
For more information, refer to Customize the Content Security Policy for apps.