Upgrade to 2.3.5 and now getting this error bellow thought out the site on every page:
[Report Only] Refused to load the image
'blob:http://my.domayn.com/axxxxxxxxxxxx' because it violates the
following Content Security Policy directive: "img-src
widgets.magentocommerce.com www.googleadservices.com
www.google-analytics.com t.paypal.com www.paypal.com
www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com
*.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'".
Is anyone facing the same issue?
Best Answer
As of version 2.3.5, Magento supports Content Security Policy headers and provides ways to configure them.
By default, Content Security Policiy is configured in report-only mode, which allows merchants and developers to configure policies to work according to their custom code.
Your browser is not showing a Magento 2 error, it is reporting a CSP policy violation
You can configure your own custom CSP rules by adding a csp_whitelist.xml to a custom module etc folder.
You can find more information on how to do this here.
https://devdocs.magento.com/guides/v2.3/extension-dev-guide/security/content-security-policies.html
To completely disable CSP you can also try