Ask questionsContent Security Policy seemingly absent from new instance


After changing the admin settings for content-src and script-src I am seeing CORS errors even after deleting an instance and creating a fresh new one. (Param store has been untouched by me)

Example error below:

Refused to prefetch content from '' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.

Also from the discussion, prior to a fresh instance, I was seeing

Content Security Policy: The page’s settings blocked the loading of a resource at https://bp-hubs-assets.<internaldomain>.com/...

You can see the error in Spoke or in a room at the following Hubs Cloud instance:

The above instance is currently in line with the hubs-cloud branch.


Answer questions antpb

Last night I deleted the stack, removed all rogue DNS records, then made a new stack. Still seeing the same issues. The example url is now 1:1 with what deploys from an initial stack creation.


Related questions

No questions were found.
Github User Rank List