I'm missing the manifest-src. Refused to load manifest from X because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback. With Content Security Policy directive: "default-src 'self'" it works but it would be good to have the option to set a manifest-src.
Add a site.webmanifest and set Content Security Policy directive: "default-src 'none'".
Add directive:
$directives[] = "manifest-src 'self'";
By the way also:
$directives[] = "base-uri 'self'";
$directives[] = "form-action 'self'";would be nice.
n/a
n/a
n/a
n/a
Active
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I'm getting reported rejections of my own site's site.webmanifest file for violating manifest-src, even though default-src is set to 'self'. So I don't know if adding an explicit manifest-src directive would help or not.