Regression: CSP change breaks local JS loading #182
Labels
kind/bug
A bug in existing code (including security flaws)
need/triage
Needs initial labeling and prioritization
The change in #176 ends up breaking loading of local JS.
The CSP was changed to contain:
but it should include self:
Otherwise, all local scripts within CID are broken, as per: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
The text was updated successfully, but these errors were encountered: