Map violates Content Security Policy

[matthew-white]

When I view a map in Central Frontend, I see the following message in the console:

[Report Only] Refused to create a worker from 'blob:foo' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

Example URL: https://staging.getodk.cloud/projects/182/forms/building_footprints/submissions?map=true

@alxndrsn, I'll add this issue to #770.

[alxndrsn]

Closed by #1468

Not sure why it didn't close automatically 🤔