I am seeing some console errors locally:
In production environments, I also see sources added in the format https://CDN_SERVER/theme-javascripts/31657759d037d8c06397e9965a1113169100846e.js...
which is redundant, because the policy already whitelists https://CDN_SERVER/theme-javascripts
. Probably limit the auto-extension to to external script sources only?