Anyone else get Content Security Policy errors from beta challenges?

The challenges are not passing any tests now that gomix.me has become glitch.me. Does anyone else have this issue? I disabled extensions from my browsers and tried changing the headers on the page served from glitch.me. I think it is the CSP on the beta challenge page. Errors are showing in the console. (note these are the infosec/testing/advanced node challenges)

From safari i am getting:

Refused to connect to https://dgfccsec.glitch.me/_api/package.json because it does not appear in the connect-src directive of the Content Security Policy.

From Chrome I am getting:

Refused to connect to ‘https://dgfccsec.glitch.me/_api/package.json’ because it violates the following Content Security Policy directive: “connect-src ‘self’ https://gomix.com https://.gomix.com https://.gomix.me https://*.cloudflare.com”.

Anyone? I can’t pass any tests in the beta challenges due to these CSP errors in the browser, including ones that passed before the change from gomix -> glitch.me

If you are able to pass tests using an app remixed in Glitch, I would be interested in that too…that would indicate the problem is on my end.

This is more suited to a GitHub issue. I suggest posting an issue over on the repo, because there are people there who know a lot more about the site than most of us on the forum do.

You can post a new issue here:

Thanks - one of the guidelines for posting a github repo issue is that there is verification of the behavior from a 3rd party. That’s what I’m trying to get to here - has anyone else seen this behavior or is it an issue with my browser/glitch.me page?

I have the same problem and sadly, can’t find a solution :confused: