script-src-elem

[jimixy]

Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.11/lodash.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' .xitu.io .juejin.im .baidu.com .google-analytics.com .meiqia.com dn-growing.qbox.me .growingio.com .guard.qcloud.com .gtimg.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Dante-dan]

emmmm, Readme mention this Q: $i fail to import resources On some websites like GitHub, $i will fail to import resources. Console warning may be like follows:

Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' assets-cdn.github.com". It is because of strict Content Security Policy of these websites. For more information, see Content Security Policy (CSP) wiki

[pd4d10]

Yeah, it's due to the CSP of the website itself.

https://github.com/pd4d10/console-importer/issues/3#issuecomment-966991301 mentioned a solution which use "Disable Content-Security-Policy" extension to disable it, but I think it may cause security issues.