When trying to use the PDF block, set as a PDF viewer, the pdf is not displaying in the post preview. It's just a blank gray pdf container. I'm getting this error from the browser dev tools:
--
Refused to load the script 'https://healthcostinstitute.org/media/com_easyblog/pdfjs/build/pdf.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
viewer.html:1 Refused to load the script 'https://healthcostinstitute.org/media/com_easyblog/pdfjs/web/viewer.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
viewer.html:1 Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
--
I don't have any sort of extension on the browser blocking Javascript. This seems to be a problem with the Content Security Policy Header. Can you help?
--
Refused to load the script 'https://healthcostinstitute.org/media/com_easyblog/pdfjs/build/pdf.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
viewer.html:1 Refused to load the script 'https://healthcostinstitute.org/media/com_easyblog/pdfjs/web/viewer.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
viewer.html:1 Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
--
I don't have any sort of extension on the browser blocking Javascript. This seems to be a problem with the Content Security Policy Header. Can you help?