What Changed (October 2025)
- Plugins now run in isolated environments with different security controls
- External stylesheets and scripts are controlled differently for plugin flexibility
Why Plugins Have Different Security Settings
Plugins require different security policies than core Cortex features to support the flexibility needed for custom solutions. This allows you to create powerful customizations while maintaining security.
Error Messages
You might see errors like:
"Refused to load [URL].css because it does not appear in the style-src directive of the Content Security Policy"
"Refused to load [URL] because it does not appear in the script-src directive of the Content Security Policy"All the resolution options above will fix these errors.
Resolution Options
Option 1: Use Data/Blob URLs
If your plugin uses dynamically generated CSS via data URLs or blob URLs, these are now supported. You don't need to change anything in your plugin code.
Option 2: Wait for Automatic Fix
We've updated the CSP configuration to support data and blob URLs. If you're still experiencing issues, please reach out to support.
Option 3: Disable Plugins
If you prefer stricter security controls, you can choose to disable plugins in your environment.