On a project, we have this error that pops up:
[Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' cdn.jsdelivr.net https://cdnjs.cloudflare.com". Either the 'unsafe-inline' keyword, a hash ('sha256-1UojrYuE1Y9txBzCzVe0GO/eRwyGZkkBvGugCU1pMv0='), or a nonce ('nonce-...') is required to enable inline execution.
It's not really serious because it's just a fallback of the "inter" font that's hosted in the files, but it's a bit annoying on sites where the owners are very careful about security.
I've only had this error on an online site and not locally, for the rest being connected to a site that uses Gin should be enough.
Active
4.1
Code
It involves the content or handling of Cascading Style Sheets.
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.
Thanks @melodia40943 for reporting this, but how does that relate to the Gin theme? It doesn't define anything about cloudflare nor does it require remote resources. It looks like the warnings you're seeing are from something else, not from Gin. Or am I missing something?