Hi!
I’m getting weird CSP issues in Sentry.
The CSP header of this page, https://wprediscache.com/pricing, is this:
Content-Security-Policy: default-src https: wss:; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.stripe.com www.google-analytics.com widget.intercom.io js.intercomcdn.com; object-src 'none'; font-src 'self' data: js.intercomcdn.com; frame-ancestors 'self'; report-uri https://xxxxxx.ingest.sentry.io/api/xxxxxxxx/security/?sentry_key=xxxxx
However, I’m seeing a font being blocked, and the original_policy doesn’t list js.intercomcdn.com as a domain. What’s going on there?
The browser is Mobile Safari 13.1.
Thanks!
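One way to pin down a mismatch like the one described above is to diff the header the server sends against the `original_policy` string carried in the violation report, directive by directive. This is an added example, not part of the original post; the `REPORTED` value is constructed to mirror the symptom (the real report is not shown here), and the function names are hypothetical.

```python
def parse_csp(policy):
    """Return {directive: set(sources)} for a CSP policy value."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        # A repeated directive is ignored by browsers, so keep the first one.
        if name not in directives:
            directives[name] = set(tokens[1:])
    return directives


def diff_policies(served, reported):
    """Map each differing directive to the sources found on only one side."""
    a, b = parse_csp(served), parse_csp(reported)
    out = {}
    for name in sorted(set(a) | set(b)):
        only_served = sorted(a.get(name, set()) - b.get(name, set()))
        only_reported = sorted(b.get(name, set()) - a.get(name, set()))
        if only_served or only_reported:
            out[name] = {"only_served": only_served,
                         "only_reported": only_reported}
    return out


# Shared directives, copied from the header value quoted in the post.
COMMON = (
    "default-src https: wss:; img-src 'self' https: data:; "
    "style-src 'self' 'unsafe-inline'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' js.stripe.com "
    "www.google-analytics.com widget.intercom.io js.intercomcdn.com; "
    "object-src 'none'; frame-ancestors 'self'; "
)
# Policy as served (report-uri omitted; it is redacted in the post).
SERVED = COMMON + "font-src 'self' data: js.intercomcdn.com"
# Constructed sample of a report's original_policy lacking the font host.
REPORTED = COMMON + "font-src 'self' data:"

if __name__ == "__main__":
    for directive, delta in diff_policies(SERVED, REPORTED).items():
        print(directive, delta)
```

A non-empty diff means the browser that sent the report was enforcing a different policy string than the one currently served, which narrows the search to whatever produced that other string.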