This just started last night, I keep getting when redirecting to the callback url.
Refused to execute inline script because it violates the following Content Security Policy directive: “default-src ‘self’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-7+J4BBpfP6BrGwq4jUTZH0MyBpT74yWhCBZ2TproeZY=’), or a nonce (‘nonce-…’) is required to enable inline execution. Note also that ‘script-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
22Refused to load the font ‘’ because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘font-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
I apologize for the delay in response, I know it’s been some time since you asked this question but I would like to try to help just in case you are still facing this or if someone else is battling it as well.
This looping has been seen actually happening on the Google side of things, and there have been times in the past where Google has changed something without saying anything about it.
That being said, if you are still encountering this problem please capture a HAR file and we can investigate this together. Thank you!