Your goal is to get XSS on this domain that works in the latest version of one of the major browsers. (This includes bypassing the CSP). Good luck!