It is not currently possible to make PD Viewer fully CSP compliant.
We are able to achieve partial CSP compliance through this guide provided by Accusoft https://drive.google.com/file/d/1CUIo8Rhe5G8DgyAdaoBRjOqs6MnKl3Ep/view
This guide provides the steps to allow the
script-scr 'self' policy.
Setting a CSP policy of
img-src: 'self' or
font-src: 'self' will fail. Currently the viewer relies on data URLs for the viewer code, including in viewercontrol.js
There should be a way to modify the viewer samples to make them fully CSP compliant.