I don’t know how I’m screwing this up. I can’t see how I’m the only one facing what looks like a bug.
If I define
env: stanza in my
yml for a fairly standard multisite configuration. All of the CDN urls get rejected by the browser as a CSP error.
content security policy script src claims “Additional whitelisted script sources. The current host and CDN are included by default. See Mitigate XSS Attacks with Content Security Policy.”, but when I define it (or add/remove it to
sv restart unicorn), I get this:
content security policy report only set to true, the site still won’t load.
content_security_policy or adding the CDN URL to
content security policy script src seems to be required to get the browser to load the assets.
here is my