I need to set the Content-Security-Policy header to allow loading scripts from any HTTPS source. When I add the following line to my nginx configuration, the look and feel of the site breaks. What am I missing?
add_header Content-Security-Policy "default-src https:";
I also tried adding a * at the end of https like this but this did not work as well,
add_header Content-Security-Policy "default-src https:*";
