* Add Content-Security-Policy header
* Add nonce attribute to script tags
* Use source-map for webpack devtool
* Add ng-csp attribute when CSP is enabled
* Allow overriding CSP settings with environment variables
* Hook into render and allow routes to disable the CSP header
GitOrigin-RevId: a873736a3514198165f1b2f1e18d002b65f20d30
* [misc] move /user/activate into a module
Co-Authored-By: Nate Stemen <nate.stemen@overleaf.com>
* [misc] setup copybara for the new user-activate module
* [misc] move the /user/activate route behind a feature flag
...which is by default enabled.
Co-authored-by: Nate Stemen <nate.stemen@overleaf.com>
GitOrigin-RevId: 87fc5ae869a7e282ffdbeea0ff7b7c55b8b9b31b