Create CSP.md

CSP.md

@@ -0,0 +1,9 @@
+To prevent unautorized network access, Copay and Bitpay Wallet v5.3.0 and above use the following Content Security Policy (CSP)
+
+  <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' https://bws.bitpay.com
+  https://bitpay.com https://auth.shapeshift.io https://shapeshift.io https://api.coinbase.com https://coinbase.com; 
+  img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:">
+
+This restrict network connections to the listed hosts only. As a consecuence, accessing self-hosted Bitcore Wallet Service 
+(BWS) hosts will not be allowed. If you are using a self-hosted BWS you need to build the app yourself from source 
+and modify that above line (at app-template/index-template.html) to match your host.