<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'sha256-5hvlzGKhlKhafFjW6G/cRVpM/e+JewYxe/pLpQ5Kj9M='; style-src 'self' 'unsafe-inline';">
Refused to create a worker from 'blob:http://<webserver>/f675bf28-a6df-4b59-b032-23e6e02326c6' because it violates the following Content Security Policy directive: "script-src 'self' 'sha256-5hvlzGKhlKhafFjW6G/cRVpM/e+JewYxe/pLpQ5Kj9M='". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
We cannot change the CSP policy as it is fixed coded in the HabPanel framework. The author of video.min.js is aware of weak CSP compliance, but it doesn't look like it's top priority. Since this SDK includes video.min.js, what can VXG do regarding this issue?