This can be done via ContentSecurityPolicy and Cloudron supports this for all apps: https://cloudron.io/documentation/apps/#custom-csp