Content Security Policy issue delivered in report-only mode

Hello, 
The below example used to work perfectly fine 2 weeks ago last time I worked on it.
The error thrown is from the iframe src response headers injected by apis.google.com/js/api.js.

<img width="946" alt="Screenshot 2019-04-08 at 10 42 58" src="https://user-images.githubusercontent.com/20269032/55712481-1d96f900-59ef-11e9-9d69-f8c9cbeef3ed.png">
Is there something wrong on my end?

```
<script src="https://apis.google.com/js/api.js"></script>
<script>
    gapi.load('client', function () {
        gapi.client.init({
            'apiKey': '____myAPIkey_______',
            'discoveryDocs': ["https://www.googleapis.com/discovery/v1/apis/calendar/v3/rest"],
        }).then(() =>
            gapi.client.calendar.events.list({
                calendarId: '____myCalendarkey_______',
                timeMin: (new Date('2019-04-09')).toISOString(),
                timeMax: (new Date('2019-04-09T23:00:00.000Z')).toISOString(),
                showDeleted: false,
                singleEvents: true,
                maxResults: 20,
                orderBy: 'startTime',
            }))
            .then(data => console.log(data.result))
            .catch(error => console.error(error))
    })
</script>
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Content Security Policy issue delivered in report-only mode #518

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Content Security Policy issue delivered in report-only mode #518

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions