Maybe I am missing something, but I do not see these settings in the settings UI.
content_security_policy
content_security_policy_report_only
-
content_security_policy_collect_reports
(I see that is hidden now) content_security_policy_script_src
Are these options available to hosted instances? I didn’t see any mention of that being a limitation in the original post or comments.
Edit: Also attempted to set the security policy through a theme.
Does not seem to be working as instructed in original post.
I’m assuming the hosted plan I’m on doesn’t allow this, even when done via a theme or theme component?
Or maybe I am just doing something totally wrong.