revolunet / react-mailchimp-subscribe

React subscribe form for Mailchimp.
https://revolunet.github.io/react-mailchimp-subscribe/

Refused to load script because it violates the following Content Security Policy directive #16

Open hanselke opened 6 years ago

hanselke commented 6 years ago

Have a sample Mailchimp form at http://eepurl.com/dzXHjD

Used code from demo/src and I'm getting a CSP error.

modules.js?hash=d9603d8755a377c986c4df7e04101d8c1f8808b0:325448 Refused to load the script 'http://eepurl.com/dzXHjD&EMAIL=feaae%40HUi.com&NAME=feaea?c=__jp1' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' localhost:* http://unpkg.com https://unpkg.com http://cdn.jsdelivr.net https://cdn.jsdelivr.net http://*.facebook.com https://*.facebook.com http://*.fbcdn.net https://*.fbcdn.net http://connect.facebook.net https://connect.facebook.net http://*.googleusercontent.com https://*.googleusercontent.com http://*.cdninstagram.com https://*.cdninstagram.com http://assets.reactioncommerce.com https://assets.reactioncommerce.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://enginex.kadira.io https://enginex.kadira.io http://*.stripe.com https://*.stripe.com 'unsafe-eval' http://www.paypal.com http://www.paypalobjects.com https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com https://tracking.qa.paypal.com https://akamai.mathtag.com".

revolunet commented 6 years ago

Hi, did you fix it?

john-raymon commented 5 years ago

Could this be caused by a change at Mailchimp? There's a captcha now after submitting via the Mailchimp UI. Here's my link from my action attribute: https://johnraymon.us19.list-manage.com/subscribe/post

daniellevautier commented 5 years ago

I also have an unsafe-eval issue with the Mailchimp popup script - as a temporary workaround I had to allow unsafe-eval from their domain, but ideally it should be fixed by Mailchimp.
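The blocked URL in the opening post ends in `?c=__jp1`, a JSONP callback, so the browser fetches the Mailchimp endpoint as a script and `script-src` decides whether it loads. The sketch below is an added example, not code from this repository or from any commenter: a simplified host-source matcher run against a shortened copy of the policy from the error message. The page origin `http://localhost:3000` and the names `isScriptAllowed`, `scriptSources` and `sourceMatches` are assumptions made for illustration.

```javascript
// Added example: simplified CSP script-src matching (host-sources only, paths ignored).
// POLICY is a shortened copy of the directive quoted in the error message.
const POLICY = "script-src 'self' 'unsafe-inline' localhost:* https://unpkg.com " +
  "http://*.facebook.com https://*.facebook.com https://*.stripe.com 'unsafe-eval'";
const SOURCE_RE =
  /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/i;
const DEFAULT_PORT = { http: '80', https: '443' };

// Source list that governs script loads: script-src, else default-src, else null.
function scriptSources(policy) {
  const directives = new Map(policy.split(';').map((d) => {
    const [name, ...sources] = d.trim().split(/\s+/);
    return [name.toLowerCase(), sources];
  }));
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // keywords, nonces and hashes never match a URL
  const m = SOURCE_RE.exec(source);
  if (!m) return false;
  const [, scheme, host, port] = m;
  const urlScheme = url.protocol.slice(0, -1);
  if (!(urlScheme in DEFAULT_PORT)) return false;
  // A source with an explicit scheme must match it; http:// also covers https://.
  if (scheme && scheme.toLowerCase() !== urlScheme &&
      !(scheme.toLowerCase() === 'http' && urlScheme === 'https')) return false;
  const h = host.toLowerCase();
  // "*.example.com" matches subdomains only, never the bare example.com.
  if (h.startsWith('*.') ? !url.hostname.endsWith(h.slice(1))
                         : h !== '*' && h !== url.hostname) return false;
  if (port === '*') return true;
  const urlPort = url.port || DEFAULT_PORT[urlScheme];
  return urlPort === (port || DEFAULT_PORT[urlScheme]);
}

// True when the browser would be permitted to fetch scriptUrl as a script.
function isScriptAllowed(policy, scriptUrl, pageOrigin) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // no script-src or default-src: unrestricted
  const url = new URL(scriptUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// The JSONP request from the error message; the page origin is an assumption.
const JSONP_URL = 'http://eepurl.com/dzXHjD&EMAIL=feaae%40HUi.com&NAME=feaea?c=__jp1';
console.log(isScriptAllowed(POLICY, JSONP_URL, 'http://localhost:3000'));
```

Any host added to `script-src` to make the JSONP call pass is a host that can run script in the page, so the entry should be as narrow as the form endpoint allows.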