Fork me on GitHub

hello, I'm running a server in dev mode and getting the following content security policy error in the browser:

Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.


it looks like this is the default policy, so i'm not sure why it's blocking this script from being loaded