I am trying to load scripts and stylesheets from cdn I tried to add the meta tags relavant to the CSP but failed to resolve the errors
(index):76 Uncaught ReferenceError: bootstrapJS is not defined
at (index):76:13
(anonymous) @ (index):76
localhost/:81 Refused to load the stylesheet 'cdn/dist/vendor.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:81 Refused to load the stylesheet 'cdn/dist/styles.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:81 Refused to load the stylesheet 'cdn/dist/app-main.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the script 'cdn/dist/vendor.bundle.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com localhost:8080 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
localhost/:1 Refused to load the script 'cdn/dist/styles.bundle.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com localhost:8080 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
localhost/:1 Refused to load the script 'cdn/dist/app-main.bundle.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com localhost:8080 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
This is the tag that I am using in the index_template.html
<meta http-equiv="Content-Security-Policy"
content="
default-src 'self';
script-src 'report-sample' 'self' https://xxxx.cloudfront.net/;
style-src 'report-sample' 'self' https://xxxx.cloudfront.net;
object-src 'none';
base-uri 'self';
connect-src 'self';
font-src 'self' https://d2yxqfr8upg55w.cloudfront.net;
frame-src 'self';
img-src 'self' https://cdn.discordapp.com;
manifest-src 'self';
media-src 'self';
worker-src 'none';
"
>