Ask questionsContent Security Policy seemingly absent from new instance


After changing the admin settings for content-src and script-src I am seeing CORS errors even after deleting an instance and creating a fresh new one. (Param store has been untouched by me)

Example error below:

Refused to prefetch content from '' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.

Also from the discussion, prior to a fresh instance, I was seeing

Content Security Policy: The page’s settings blocked the loading of a resource at https://bp-hubs-assets.<internaldomain>.com/...

You can see the error in Spoke or in a room at the following Hubs Cloud instance:

The above instance is currently in line with the hubs-cloud branch.


Answer questions antpb

You can reproduce the error most clearly by going to and making a new scene. When you've reached the new scene, add a video element and use a youtube/vimdeo url and you'll notice that videonode fails.


Related questions

No questions were found.
Github User Rank List