Content security policy issue :(

This is a very vital library and saves a ton of development effort. However, i am in a dire situation . The content security policy blocks from loading the application in QA and PROD environment. We get the below error

Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAFKADAAQAAAABAAAAFAAAAACy3fD9AAAAq0lEQVQ4EWNgGAUDGQLpQMtbqOUAFaBBJ4DYhxoGMgINmQ/E06hhGMiMECA+CsQyIA6lQARowAEgTgBiooEBUCUrDtUdQPHlQMyCQx6r8CagaBsWGRug2Ckg1sYih1fICCh7EojDkFRxAtlbgLgYSYwkZjRQNShZwFxTAGSDDAQZTDYAeRtkiCkQg1wM8jJFAOSalUAMCjdsYUqW4ZJAXflALECW7lFNZIUAADyGE54jYsm6AAAAAElFTkSuQmCC' because it violates the following Content Security Policy directive: "default-src 'self' *.daap.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

Expected Behavior

The CSP should not block the images and other inline styles

Current Behavior

My server.js file is as follows

app.use(function(req, res, next) { res.set(“Content-Security-Policy”, “default-src ‘self’ *. adale.com”) res.set(“img-src ‘self’ data:”) next(); });

The CSP blocks the following code to get executed.

toPng(ref.current) .then((dataUrl) => { //usage of dataUrl here }) .catch((err) => { console.log(err) }) }, [ref])

Possible Solution

Please suggest a possible solution.

I have read about the content security policy and found this code img-src ‘self’ https://images.example.com; This means that images can be loaded from the same origin (via the ‘self’ source list value), or via URLs starting with: https://images.example.com

But my situation is different. I dont get a URL in my console log. It gives a long url as mentioned above. Can you please provide me the URL from where this data is getting loaded.