source:
https://blog.0daylabs.com/2016/09/09/bypassing-csp/