The new CSP for CN is a little overreaching. It is being triggered everytime I ever preview a banner since it is now being triggered anytime that any javascript loaded from anywhere other than the page. This includes:
- Any gadget
- Any personal javascript I use on my account
- In browser tools such as page translations for google translate.
The latter is a significant issue since I can no longer use the tool to confirm localising banner functionality is correct since it suppresses the necessary script from running.