Automatically adding theme scripts to CSP

I am seeing some console errors locally:

In production environments, I also see sources added in the format https://CDN_SERVER/theme-javascripts/31657759d037d8c06397e9965a1113169100846e.js... which is redundant, because the policy already whitelists https://CDN_SERVER/theme-javascripts. Probably limit the auto-extension to to external script sources only?

6 Likes