Content Security Policy - Load Balancer, CloudFront, Route53

I currently have a Metabase EC2 instance running on AWS that is being routed through a Load Balancer and then connected to a CloudFront distribution.

When accessing the Load Balancer directly (i.e. everything works fine, but when accessing it through Route53 / CloudFront on the site loads but with the error:

Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src").

I’ve added everything that is required on CloudFront, even adding the custom Content-Security-Policy with all default-src 'self'; but I still get this error.

Version: v0.34.2

Can anyone offer any guidance? I can give more information if required. Thanks.

@marshalld Metabase does not work with proxies that modify the content - have a look at this:

Thanks @flamber having Metabase behind CloudFront was the issue. I resolved it by adding some better forwarding on the load balancer instead.