Content Security Policy - Okta React SDK/Okta Auth JS

Is there a comprehensive list of the changes you should anticipate making to the Content Security Policy when incorporating with Okta using Okta JS Libraries?
I was able to get my app working with just adding okta to the connect-src list, but there is a particular case in which we get an error because okta is not on the frame-src list. I don’t see any documentation that that is required, so I’m wondering what else could be missing.