content security policy directive issues on azure wordpress

[subtleazn]

I have lots of same content security policy issues with same error message (specially with fonts) on one an azure wordpress web app, but i dont have these issues on other sites im using. what do you think is the problem?

Refused to load the script 'https://apis.google.com/js/api:client.js?ver=1.9.2' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[rfcdejong]

I think that Tony is not active anymore, I just added google.com to the CSP directive, also for reCaptcha to work. Version 1.1.8.

I published the package myself, cause Tony didn't even publish it to the 'new' environment.

See my fork https://github.com/rfcdejong/AzSecurityPackRedirectAndHeadersMed