The NIP-05 doc mentions Access-Control-Allow-Origin but is silent on Content Security Policy.

However, I am noticing these errors:

Refused to connect to 'https://thecloudseminar.com/.well-known/nostr.json?name=k9lvn' because it violates the following Content Security Policy directive: "connect-src 'self' ws: wss:"

What is the recommendation, @fiatjaf, @jb55? Thanks.