Cloudflare rocket loader blocks script loading

[DRSchlaubi]

Checklist

• I have searched budibase discussions and github issues to check if my issue already exists

Hosting

• Self
  • Method: k8s (helm)
  • Budibase Version: Helm: 3.0.257 Budibase: 3.2.27
  • App Version: 3.2.27 and 3.2.26

Describe the bug
When using CloudFlare rocket loader, previews don't load due to CSP

To Reproduce
Steps to reproduce the behavior:

1. Setup Budibase behind rocketloader
2. Load an app preview or an app deployment

Expected behavior
Everything works

Screenshots

Desktop (please complete the following information):

• OS: Windows 24H2 (Build 26100.2454)
• Browser Chrome
• Version 131.0.6778.109

Additional context
VM132 rocket-loader.min.js:1 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.budibase.net https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io https://d2l5prqdbvm3op.cloudfront.net https://us-assets.i.posthog.com 'nonce-nEXtxUhIBOlQ5hsJZjt+Nw=='". Either the 'unsafe-inline' keyword, a hash ('sha256-PxaLgZ6U2+ROaVE28X5HHykZG4rFbQwJ32zQDSXFFiM='), or a nonce ('nonce-...') is required to enable inline execution.

[ConorWebb96]

Hey @DRSchlaubi,

I've converted this to a discussion this isn't a standard setup and not an issue with Budibase. It looks like you may need to amend your CSP policy.

[DRSchlaubi]

I have not specified a CSP, this is the default CSP that budibase uses