Default CSP blocks manifest and vue/react devtools extensions
Refused to load manifest from 'https://shigusegubu.club/ngs/manifest.json' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback.
this breaks android icons if there are ones.
as for vue/react devtools:
19:28:52.610 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). friends:1:1
19:28:52.611 Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).
19:28:53.086 Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).