This repo contains sample code that uses images and APIs from third party domains, and uses Helmet to safelist those domains using Content Security Policy.
Add a custom configuration helmet in the ./scripts/server.js file.
Watch this Quick Take to learn about the tweaks you need to make to your code to safelist domains.