I have a Content Security Policy that explicitly whitelists api.swiftype.com with ‘unsafe-inline’ ‘unsafe-eval’ (not, great, I know). Regular search functionality is working as expected. However, autocomplete requests are being blocked by browser default X-XSS-Protection:1; mode=block. I’ve done a bunch of googling and I’m not sure why that is happening when the CSP should be allowing them.
Any suggestions are much appreciated! Thanks.