MODX Community

Content Security Policy (CSP) breaking manager

Hello, I’m trying to implement a bit of security on modx sites, but I’m having a problem including this in the .htaccess it’s braking the manager.

<IfModule mod_headers.c>
    Header set Content-Security-Policy "script-src 'self'; object-src 'self'"
    <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|txt|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
        Header unset Content-Security-Policy

I can’t see any external file being called from the manager, so why is that?