Zen browser's implementation of Content Security Policy

[KangAbbad]

Captchas

• I have read the instructions.
• I have searched existing issues and avoided creating duplicates.
• I am not filing an enhancement request.

What happened?

I expected to access grok.com normally without any Content Security Policy blocking errors. The website should load properly with all scripts executing as intended, similar to how it functions in other browsers. Instead, I'm encountering CSP errors that are preventing inline scripts from executing, which appears to be specifically related to how Zen browser is handling the site's security policies.

Reproducible?

• I have checked that this issue cannot be reproduced on Mozilla Firefox.

Version

1.10.1b

What platform are you seeing the problem on?

macOS - aarch64

Relevant log output if applicable

Content-Security-Policy: The page’s settings blocked an event handler (script-src-attr) from being executed because it violates the following directive: “script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.js.stripe.com https://js.stripe.com https://www.googletagmanager.com https://static.cloudflareinsights.com 'nonce-bW96LWV4dGVuc2lvbjovLzQyMmU2ZjJjLWI5NTEtNDUyZS1hOTZhLTY2ODFkYmVjOWQ2Ni8='”

[lightyisu]

The same question when logging into Grok using Google account with checking f12 console

[zen-browser-auto]

Closing this issue as part of a repo cleanup

Due to technical-debt we had in the past, we are currently clearing out old, duplicate, stale, and non-actionable issues to improve issue tracking and make it easier to focus on fixing real bugs.

If this issue is still relevant, please open a new issue using our updated issue template, which will help us categorize and address it more efficiently.

Thanks for your understanding and for helping us improve the project! 🚀

This issue can be reopened at: https://github.com/zen-browser/desktop/issues/new?template=bug_report.yml&title=Zen%20browser%27s%20implementation%20of%20Content%20Security%20Policy%0A