How to fix “Refused to connect to xxx because it violates the following Content Security Policy directive” on Heroku I’ve deployed a MERN stack app to Heroku: Mongo DB, Express.js, React.js, Node.js. The app uses Google Fonts and Stripe Checkout. I’ve built the React app via Create React App. My last deploy went wonkers. The app didn’t load any JavaScript because of Content-Security-Policy failures. In this post I’ll show you how to fix those errors and how to successfully re-deploy your MERN app to Heroku.