The production Pocket bedrock CSP includes both EXTRA_CSP_DEFAULT_SRC and _csp_connect_extra_for_dev, as if the wrong www-config is picked up (because I don't see any logic bug in the django/csp code, and it works correctly for mozorg mode — so it has to be the env values for getpocket.com that cause this?)
Description
The production Pocket bedrock CSP includes both EXTRA_CSP_DEFAULT_SRC and _csp_connect_extra_for_dev, as if the wrong www-config is picked up (because I don't see any logic bug in the django/csp code, and it works correctly for mozorg mode — so it has to be the env values for getpocket.com that cause this?)
Steps to reproduce
~ $ http -v HEAD https://getpocket.com/en/about/
Expected result
Actual result