textpattern / server-config

Configuration files for Textpattern project servers.
The Unlicense

CSP violation on Users panel #57

Closed Bloke closed 3 years ago

Bloke commented 3 years ago

Operating the multi-edit action on the Users panel of the .com website (e.g. to 'Reset password') results in the browser console issuing:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”).

No further info is supplied on which resource.
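Added example, not part of the original thread or of Textpattern's code: because the console message does not name the resource, a `securitypolicyviolation` listener can record the directive, source file and line for each blocked inline style. The function names and the sample events below are constructed for illustration.

```javascript
// Turn a SecurityPolicyViolationEvent (or an object with the same fields)
// into a flat record. blockedURI is "inline" for inline <style> / style="".
function describeViolation(e) {
  const file = e.sourceFile || e.documentURI || '(unknown)';
  return {
    directive: e.effectiveDirective || e.violatedDirective || '',
    inline: e.blockedURI === 'inline',
    where: `${file}:${e.lineNumber || 0}:${e.columnNumber || 0}`,
    sample: e.sample || '', // only filled when the policy uses 'report-sample'
    enforced: e.disposition !== 'report',
  };
}

// Collapse repeated violations from the same directive and location into one row.
function summarise(records) {
  const rows = new Map();
  for (const r of records) {
    const key = `${r.directive} @ ${r.where}`;
    const row = rows.get(key) || { ...r, count: 0 };
    row.count += 1;
    rows.set(key, row);
  }
  return [...rows.values()];
}

// In a browser: paste this, repeat the blocked action, then call report().
const seen = [];
if (typeof document !== 'undefined') {
  document.addEventListener('securitypolicyviolation',
    (e) => seen.push(describeViolation(e)));
}
function report() { return summarise(seen); }

// Constructed sample events (not captured from the site in this thread).
const SAMPLE_EVENTS = [
  { effectiveDirective: 'style-src-attr', blockedURI: 'inline', disposition: 'enforce',
    sourceFile: 'https://example.test/admin/index.php', lineNumber: 212, columnNumber: 9 },
  { effectiveDirective: 'style-src-attr', blockedURI: 'inline', disposition: 'enforce',
    sourceFile: 'https://example.test/admin/index.php', lineNumber: 212, columnNumber: 9 },
  { effectiveDirective: 'style-src-elem', blockedURI: 'inline', disposition: 'enforce',
    documentURI: 'https://example.test/admin/index.php' },
];

// Offline run over the constructed events.
console.table(summarise(SAMPLE_EVENTS.map(describeViolation)));
```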

philwareham commented 3 years ago

FYI this can be made secure when we move to Textpattern 4.9 - as the CSP rules for Textpattern itself can be declared via its config file. For now, the root will have to be less secure. Also see https://github.com/textpattern/server-config/issues/10

Bloke commented 3 years ago

It's got rid of the violation in the console, thanks. But still no Green message appears when performing a multi-edit action (unless it's cached the response). Baffling!

philwareham commented 3 years ago

Force clear the cache? CSP rules stubbornly stay around.

Bloke commented 3 years ago

Still the same in an incognito window. Maybe the CSP rules persist there too?

EDIT: Nope. Tried Safari, freshly restarted and not used on this site ever. No change. I've set up a test user there with no privs to play with so feel free to interact with it to see if it's just me.