I’m working on a project that allows login to Evernote then redirects back.
On the redirect back into the project, the browser shows: Cannot GET /auth/callback
(that’s a react route).
And in the error log:
[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' appears in neither the script-src directive nor the default-src directive of the Content Security Policy. (callback, line 0)
I’ve tried 20 or so variations of express setHeader("Content-Security-Policy", ...
with those directives, but haven’t had any luck yet.
Anyone have a tip or pattern to follow?