Content Security Policy with server style-src/default-src directive

[rnkn]

Hello,

Thank you for making PageExtender :)

From my research, I think my issue is likely a server configuration problem, but with the site https://marc.info I get no effect when trying to apply a PageExtender stylesheet and receive the following error:

[Error] Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' appears in neither the style-src directive nor the default-src directive of the Content Security Policy. (marc.info, line 1)

I'm not sure if there's anything you can do about this because I think these directives are to do with Apache, but I just thought I'd ask.

[fphilipe]

I'm afraid CSP is interfering here. The initial script from the extension is executed, but anything injected by that script is disallowed.

Will have to investigate if there's a workaround. Thanks for reporting!