Content Security Policy for Mongo Challange

Hello. I am trying to do this Mongoose challenge and it’s been a bit of an uphill battle, but I think I got it sorted out.

Here is my project and I’m getting this error:

Refused to load the script 'https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js' because it violates the following Content Security Policy directive: "script-src 'self'
      
      https://apis.google.com
      https://cdnjs.cloudflare.com
      https://cdn.segment.com
      https://ajax.googleapis.com
      https://*.woopra.com
      
      http://www.luckyorange.com https://ssl.luckyorange.com https://d10lpsik1i8c69.cloudfront.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I’m pretty sure it has something to do with google chrome, but can’t figure out how to work around it. According to the Chrome website it says we can use "content_security_policy": "script-src 'self' https://example.com; object-src 'self'" to whitelist the site, but I’m not sure where to insert that line at.

UPDATE: after doing some more research, I try adding <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js';"> to the header, but it’s still not working. I also tried just <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'https://cdn.amplitude.com/';"> and that didn’t work either.

So, one more update: It seems that glitch is adding a content security policy meta tag to all projects, and I’m not sure how to work around that. Any suggestions?

So it turns out that there’s a meta tag that’s added by glitch with that content security policy in place on all projects. I posted about this issue on stackoverflow, and someone tested it on their end with a new project and are getting the same thing, so it looks like this is just an issue with the way glitch deploys projects and has nothing to do with why the DB isn’t connecting, which means I’m back to square one with that.