Ask HN: Claude web blocked its assets visit via csp?
5 by xgstation | 2 comments on Hacker News.
returned CSP header as following while all assets access to `https://assets-proxy.anthropic.com` is blocked script-src 'strict-dynamic' https: 'nonce-0f2f/yV7CL8nKlXr/lFMPA==' https://via.intercom.io https://api.intercom.io https://ift.tt/qBu9t2W https://ift.tt/Jw0xL5Y https://ift.tt/D2g60KB https://ift.tt/pebYyCI https://ift.tt/DK1fN0Z https://ift.tt/jVdryNY https://ift.tt/GEcquWM wss://nexus-websocket-a.intercom.io https://ift.tt/GOb4rkU wss://nexus-websocket-b.intercom.io https://ift.tt/ivkLsRt wss://nexus-europe-websocket.intercom.io https://ift.tt/9R3HtbQ wss://nexus-australia-websocket.intercom.io https://ift.tt/rV1GB0Z https://ift.tt/KA9usNW https://ift.tt/2MevwFg https://ift.tt/XhVJKbs https://ift.tt/o4H2qlr https://ift.tt/rBKxGtc https://ift.tt/ZyOtu5d 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; block-all-mixed-content; img-src 'self' data: blob: *.anthropic.com *.claude.ai *.claude.com *.ant.dev *.gstatic.com * https://ift.tt/geEJRkt https://ift.tt/Zt4aygS https://ift.tt/oRfnhzu https://ift.tt/82D0Ekx https://ift.tt/ok2Mct5 https://ift.tt/o4H2qlr https://ift.tt/INKCfJL https://ift.tt/C3cN9nj https://ift.tt/UPhqoZY https://ift.tt/Vcx94uY https://ift.tt/Hub8aPZ https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://ift.tt/YXRWcUk https://ift.tt/bKfpinJ; frame-src a-cdn.claude.ai a.claude.ai a.claude-ai.staging.ant.dev b.stripecdn.com embedded-dashboards.metronome.com forms.hsforms.com googletagmanager.com js.stripe.com m.stripe.network newassets.hcaptcha.com pay.google.com r.stripe.com www.google.com accounts.google.com https://ift.tt/qDodL38 https://ift.tt/DpF7wbZ https://ift.tt/umb1Z39 https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://ift.tt/EcwV2u3 https://ift.tt/5AcjneX *.claudemcpcontent.com https://claude.ai; font-src 'self' assets.claude.ai https://ift.tt/geEJRkt https://ift.tt/yonXt2D; form-action 'self' https://ift.tt/ar5fweT https://intercom.help https://ift.tt/D2g60KB https://ift.tt/pebYyCI https://ift.tt/DK1fN0Z; media-src 'self' cdn.sanity.io https://ift.tt/pWm53uX https://ift.tt/geEJRkt https://ift.tt/oRfnhzu https://ift.tt/82D0Ekx https://ift.tt/ok2Mct5; upgrade-insecure-requests