I’m working on a project that allows login to Evernote then redirects back.
On the redirect back into the project, the browser shows:
Cannot GET /auth/callback (that’s a react route).
And in the error log:
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. (callback, line 0)
I’ve tried 20 or so variations of express
setHeader("Content-Security-Policy", ... with those directives, but haven’t had any luck yet.
Anyone have a tip or pattern to follow?