I have been using React as a frontend on the IC for quite some time and usually load images as Nat8 and then turn them into a data URL (blob). This used to work. I now noticed with a new project that the content security policy doesn’t allow image sources as blob and so I tried to set it in the index.html but the changes don’t have any effect. I also get this warning “out of the box” with any new React installation:
Refused to load the script 'https://email@example.com/dist/js/select2.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Afaik this tag in the index.html should sort this out, but it doesn’t:
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval' cdn.jsdelivr.net">
It seems that the security policy is being set somewhere else. Does anybody know how I can adjust it?