How do I solve problems with the Content Security Policy (CSP)?

Messages about issues with the Content Security Policy (CSP) may appear in the browser’s developer tools console. Open the console by right-clicking on the page and selecting Inspect. First, check whether the messages that appear are actually caused by scripts and/or content that are supposed to be loaded or executed in the environment. The CSP is designed to block malicious scripts and unwanted content, so these should not be allowed in the CSP.

If the messages come from desired scripts and/or content, they can be allowed in the CSP. For example, if a message appears stating that a stylesheet from https://fonts.googleapis.com is not allowed to load, you can add https://fonts.googleapis.com to the Content Security Policy (CSP) – Allowed Domains option. This will allow https://fonts.googleapis.com to load and/or execute all scripts and/or content.

If you only want https://fonts.googleapis.com to be able to load stylesheets, use the Content Security Policy (CSP) – Override option. In this case, under the style-src rule, enter: 'self' https://fonts.googleapis.com. Make sure to also include 'self', so that stylesheets from the environment itself are still allowed.