Merge pull request #21 from aws-samples/docs/edit-content-security-policy

Explain how to update the Content Security Policy

Author: ConnorKirk

README.md

@@ -100,7 +100,8 @@ To download the CloudFormation template to deploy on your own, for example by [u
 
 https://s3.amazonaws.com/solution-builders-us-east-1/amazon-cloudfront-secure-static-site/latest/main.yaml
 
-## Update the website content locally before deploying the solution
+## Customizing the Solution
+### Update the website content locally 
 
 **To customize the website with your own content before deploying the solution**
 
@@ -137,6 +138,13 @@ https://s3.amazonaws.com/solution-builders-us-east-1/amazon-cloudfront-secure-st
         --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
         --parameter-overrides  DomainName=<your domain name> SubDomain=<your website subdomain>
     ```
+### Updating the site Content Security Policy
+
+To change the Content Security Policy of the site:
+
+1. Make your changes to the header values by editing `source/secured-headers/index.js`. 
+1. Deploy the solution by following the steps in [Update the website content locally](#update-the-website-content-locally)
+
 
 ## Contributing
 Contributions are welcome. Please read the [code of conduct](CODE_OF_CONDUCT.md) and the [contributing guidelines](CONTRIBUTING.md).