Content Security Policy: The settings of the page have blocked the loading of a resource ("script-src")

Of course you can. You should expose for example - "83:80" on app.yml, or what ever port your reverse proxy uses to send traffic to backend. Or you can use websocket.

You want to use a reverse proxy that is not a standard install.