I've recently upgraded to Magento 2.3.5 and I've been encountering an issue with my Content Security Policy when trying to load a style sheet.
The error (Chrome dev console):
I've added maxcdn to my csp_whitelist.xml but the error still occurs after setup:upgrade + setup:static-content:deploy + cache flush
My csp_whitelist.xml:
<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp/etc/csp_whitelist.xsd">
<policies>
<policy id="style-src">
<values>
<value id="maxcdn-fontawesome" type="host">maxcdn.bootstrapcdn.com</value>
</values>
</policy>
</policies>
</csp_whitelist>
I've tried adding https in the hostname, but that didn't make any difference.
I'm curious as to why the violated directives are from different domains as well. getfirebug.com
is only used for the tinymce editor in my admin backend not on the storefront.
How can I go about removing this error?
Also, could anyone provide me with additional resources for researching this? I've read through Mozillas CSP guide, but it's not exactly the same for Magento 2.3.5.
Best Answer
I have this code and it works fine:
Try to clear these folders manually also: