I'm trying to use Chart.js to load some components, but I don't know why I keep getting this error: Refused to load the script '/[email protected]/dist/chart.min.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I have attempted to bypass CSP like this:

app.use((req, res, next) => {
  res.setHeader(
    'Content-Security-Policy',
    "default-src 'self';" +
    "script-src 'self'  'unsafe-inline';" +
    "style-src 'self'  'unsafe-inline';" +
    "img-src 'self' data:;" +
    "font-src 'self' ;" +
    "connect-src 'self' http://localhost:5000"
  );
  next();
});

But, it still fails.