Do not connect js Content Security Policy directive: "script-src 'self'

Unless it was an error in your post make sure your resources are https not http.