Web Compatibility Support • duck.ai - doesn't work with csp enabled

This is a live example of a site that doesn't work specifically because of the csp implementation in pale moon. Tested on a clean portable PM 34.2.2

If you try typing something in the chat and press "ask" or enter, the page will display the error "Oops! Something went wrong." The console also displays a long error

CODE:

 ChunkLoadError: Loading CSS chunk 1897 failed.(error: https://duck.ai/dist/duckai-dist/chunk.duckai-shield-animation.07c49f74e9caa4608f49.css)Stack trace:i.f.miniCss/e[t]</</</o.onload@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1508966 entry.vendors.06b4af71b7dfe2a4f6f7.js:2:80472"ChunkLoadError: Loading CSS chunk 1897 failed.(error: https://duck.ai/dist/duckai-dist/chunk.duckai-shield-animation.07c49f74e9caa4608f49.css)LazySuspensedivdivp@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1058997divdivl@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1divsectiono[86028]/_<@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1157199o[66466]/R<@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1o[66466]/de<@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1Kl@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1Wl@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1V@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1mainql@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1We@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1m@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1l@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1p@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1Wf@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1u@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1E@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1S@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1N@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1c@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1h@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1i@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1i@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1y@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1d@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1I@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1s@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1p@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1Nr@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1u@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1h@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1s@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1c@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1m@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1H@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1B@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1divfe@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1l@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1d@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1Vf@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:662786d@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1i@https://duck.ai/dist/duckai-dist/entry.vendors.06b4af71b7dfe2a4f6f7.js:2:138206Zg@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1c@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1rg@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1i@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1i@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1s@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1aE@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1zg@https://duck.ai/dist/duckai-dist/entry.duckai.ae8834055b64dc711946.js:2:1"

But if you set security.csp.enable = false, the chat works fine. The site's csp settings are not too complicated and at first glance should be fully supported in pm -

"default-src 'none' ; connect-src https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; manifest-src https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; media-src https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; script-src blob: https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; img-src data: https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; style-src https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; frame-src blob: https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; form-action https://duckduckgo.com https://.duckduckgo.com https://duck.ai https://.duck.ai ; frame-ancestors https://duckduckgo.com https://*.duckduckgo.com ; base-uri 'self' ; block-all-mixed-content ;"

So does anyone have any ideas what exactly is wrong with csp processing?