The CSP policy is set by the web server, and ours is quite locked down due to security constraints. I need to add an exception for every host being accessed from our web pages. I did see that {{Munchkin ID}}.mktoresp.com was being requested, but now also {{Munchkin ID}}.mktoutil.com, neither of which is documented in the official documentation. Most Javascript APIs these days have a canonical set of CSP rules and I was simply looking for that set.
... View more