I'm getting a bunch of errors in the developer console:
Refused to evaluate a string Refused to execute inline script because it violates the following Content Security Policy directive Refused to load the script Refused to load the stylesheet
What's this all about? How does Content Security Policy (CSP) work? How do I use the Content-Security-Policy HTTP header?
Specifically, how to...
...allow multiple sources? ...use different directives? ...use multiple directives? ...handle ports? ...handle different protocols? ...allow file:// protocol? ...use inline styles, scripts, and tags