Content-Security-Policy: script-src 'self';
script-src 'self';
This page has no object-src or default-src directives. Try injecting an object: