However, @Johani made an excellent suggestion on how we can improve it.
Rather than asking theme developers to copy/paste things around the admin UI, we can do this automatically. We can parse all of the HTML in a theme, extract the src of any external scripts, and add it to the CSP.
After all, computers are a lot better at repetitive copy/paste than humans!
I opened a PR which implements that:
I am seeing some console errors locally:
In production environments, I also see sources added in the format
This is awesome. @merefield isn’t this super cool?