Trying to put a LinkedIn Follow button onto the site, it works fine in Firefox, but does not in Chrome with this error in Console:
The source list for Content Security Policy directive 'script-src' contains an invalid source: ''report-sample''. It will be ignored.
Same problem on LinkedIn own Follow button generation page: https://developer.linkedin.com/plugins/follow-company
Same message in Console and nothing happens when button is clicked.
This happens only in Chrome currently (from browsers i've checked). Must be related to https://developers.google.com/web/fundamentals/security/csp/
#linkedin #chrome
I am seeing the same thing. There appears to be a CSP issue with their implementation. The response to the GET request that is initiated when you click the button has its X-Frame-Options header set to to sameorigin so the browser isn't evaluating the response.
I reported the issue with examples to LinkedIn and they said they would have an engineer take a look.