We have a portal which embeds Metabase reports using Signed Embedding.
To facilitate this our Metabase instance is set up behind an NGINX proxy which re-routes any requests from the proxy to the Metabase site URL. This works well and allows the associated css and js files to flow through the proxy.
However when trying to export a question we get the following error which seems to indicate that the export request is going direct to the Metabase site URL instead of the host of the embed URL (which points to our proxy).
Refused to connect to 'http://metabase-site-url.com/embed/question/eyJhbGciOiJIUzI1N.json?' because it violates the following Content Security Policy directive: "connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com".
Whereas the embed request for the actual report itself uses the proxy as the host:
Is it possible to have the export requests route through the host specified in the embed URL itself so we are able to route all traffic through our proxy?