Do not connect js Content Security Policy directive: "script-src 'self'

For the application, be sure to https?