Hi - recently we’ve noticed that the AWS Console is not loading when accessed via Zscaler (GRE tunnel). However the web insights log shows that nothing is being blocked.
This is the same across Chrome, Edge and Firefox for us - and the browser console shows errors similar to:
Refused to load the script 'https://gateway.zscloud.net/auD?origurl=https%3A%2F%2Fcdn%2eassets%2eas2%2eamazonaws%2ecom%2fawsc%2dhead%2ejs%3fversion%3d3%2e0%2e26&wexps=1&_ordtok=RPZ3WVhMQSBS6S7sRSVbgKSHN6' because it violates the following Content Security Policy directive: "script-src https://cdn.assets.as2.amazonaws.com/AWS-UI-Widget-HelpPanel-Loader.js 'self' https://*.cdn.console.awsstatic.com https://*.signin.aws.amazon.com https://cdn.1.as2.amazonaws.com/asset/ https://cdn.2.as2.amazonaws.com/asset/ https://cdn.assets.as2.amazonaws.com https://console.aws.amazon.com/p/ https://console.aws.amazon.com/phd/ https://d1fqdzidq79abj.cloudfront.net https://d2eezf66cfmyv.cloudfront.net/js/ https://d36cz9buwru1tt.cloudfront.net https://eu-west-2.console.aws.amazon.com/api/ https://eu-west-2.prod.signer.console-api.aws.amazon.com https://media.amazonwebservices.com https://phd.aws.amazon.com https://resources.console.aws.amazon.com https://signin.aws.amazon.com https://eu-west-2.console.aws.amazon.com/p/ https://a.b.cdn.console.awsstatic.com 'nonce-bZjhmmycM2V6n0oghBzBvg=='". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Has anyone seen anything similar or have an idea how to resolve this?