This looks like the service worker (sw.js) is cached with the old CSP value. It is cached for up to 7 days in the default configuration.

I've traced it this far, but I don't know how to fix it.

If you have a CDN in front of e5n.cc itself, you need to clear its cache. Then on the user side, you need to refresh browser cache. The issue should then disappear.

We've seen this issue (twice) and had a hard time finding out what caused it. We had this when we moved from local storage to an S3-based storage platform, and again when this platform changed domain names.

It seems to be this scenario:

• You change the hostname where your assets are hosted.
• The CSP needs to be updated for this, which you do.
• However, it seems the web workers are cached for a long time including the CSP header, so assets are blocked for all users that have used the site before.
• The cache timeout seems to be up to a week, so changing the assets URL would lead to broken image for a week for our users.

We've not found a way for us as Mastodon admins to force these web workers to upgrade (their CSP info), nor for end users to force refresh them. Other than using a private window.

Our conclusion is that when we change assets hosts, we need to add the new host at least 1 week before a planned migration to the CSP header so users can 'learn' the value.

Duplicate in #28842