On 11/5/2020 5:32 AM, Daniel Stenberg wrote:
On Thu, 5 Nov 2020, Ray Satiro wrote:
It is blocked loading some resources from fastly-insights.com
(without www)
I don't think we're expected to load any resources from there?
(BTW, that resource load is explained in full here:
https://insights.fastlylabs.com/)
Here is what I see in the Chrome browser console:
insights.js?k=8cb1247c-87c2-4af9-9229-768b1990f90b:55 Refused to connect
to
'https://fastly-insights.com/api/v1/config/8cb1247c-87c2-4af9-9229-768b1990f90b'
because it violates the following Content Security Policy directive:
"default-src 'self' curl.haxx.se www.curl.se curl.se
www.fastly-insights.com". Note that 'connect-src' was not explicitly
set, so 'default-src' is used as a fallback.
There are no more curl.haxx.se errors since the header has updated.
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
