Sitecore JSS - Content security policy

Hi guys, I am trying to set up node-headless-ssr-proxy for server-side rendering. After I deployed my React JSS application to the node-headless-ssr-proxy server, the external API calls are being blocked due to CSP. I am getting this error:
Refused to connect to 'jsonplaceholder.typicode.com/.../1' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

My node proxy server is running on http://localhost:3000

Other errors are:

Refused to load the image 'my-first-jss-app.dev.local/.../jss_logo.ashx because it violates the following Content Security Policy directive: "img-src 'self' data:".

Refused to load the image 'my-first-jss-app.dev.local/.../jss_logo.ashx because it violates the following Content Security Policy directive: "img-src 'self' data:".
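
The fallback behaviour named in the first error (no `connect-src`, so `default-src` decides) can be reproduced with a small policy evaluator. This is an added example, not part of the original post and not Sitecore or node-headless-ssr-proxy code; it assumes the two quoted directives belong to one policy, and the URL schemes, URL paths and the `WITH_CONNECT` policy are constructed for illustration.

```javascript
// Added example: simplified CSP source matching. Ports and paths in sources are
// ignored, and a scheme-less host source is treated as matching any scheme.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources); // first occurrence wins
  }
  return directives;
}

function sourceMatches(source, target, pageOrigin) {
  if (source === "'self'") return target.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'unsafe-inline', 'unsafe-eval' never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return target.protocol === source; // e.g. data:
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && target.protocol !== scheme + ':') return false;
  if (host === '*') return /^https?:$/.test(target.protocol);
  return host.startsWith('*.')
    ? target.hostname.endsWith(host.slice(1))
    : target.hostname === host;
}

// Fetch directives such as connect-src and img-src fall back to default-src when absent.
function check(policy, directive, url, pageOrigin) {
  const directives = parsePolicy(policy);
  const used = directives.has(directive) ? directive
    : directives.has('default-src') ? 'default-src' : null;
  if (used === null) return { allowed: true, used };
  const target = new URL(url);
  const allowed = directives.get(used).some((s) => sourceMatches(s, target, pageOrigin));
  return { allowed, used };
}

// Constructed inputs: the two directives quoted in the errors, assumed to be one policy.
const PAGE_ORIGIN = 'http://localhost:3000';
const REPORTED = "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data:";
// Hypothetical variant with an explicit connect-src, so the fallback no longer applies.
const WITH_CONNECT = REPORTED + "; connect-src 'self' https://jsonplaceholder.typicode.com";
const API_URL = 'https://jsonplaceholder.typicode.com/constructed/1'; // scheme and path assumed
const IMG_URL = 'http://my-first-jss-app.dev.local/constructed/jss_logo.ashx'; // scheme and path assumed

console.log(check(REPORTED, 'connect-src', API_URL, PAGE_ORIGIN));
console.log(check(REPORTED, 'img-src', IMG_URL, PAGE_ORIGIN));
console.log(check(WITH_CONNECT, 'connect-src', API_URL, PAGE_ORIGIN));
```

Because the page origin is `http://localhost:3000`, `'self'` covers neither the API host nor `my-first-jss-app.dev.local`, which is why both requests are refused under the reported policy.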