I just tested with the latest Divi and the latest WordPress, and it works as it should with just “Allow blob” and the domains https://elegantthemes.com/ and https://*.elegantthemes.com/ in frames.
With Debug enabled I get:
<!– Content Security Policy Cookie settings: script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ blob: ; img-src ‘self’ data: blob: ; object-src ‘self’ data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/; frame-src ‘self’ data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/; –>
But in the console I can see this: “Uncaught ReferenceError: Cookies is not defined” which means that js.cookie.min.is not loaded. And when I view the source it’s not loaded, but the file is there. [yourdomain]/wp-content/plugins/cookies-and-content-security-policy/js/js.cookie.min.js?ver=2.29
So maybe some other plugin is interfering with that?
And, since you also have debug enabled I can see that you have some domains under Script set as the URL to the script, it should only be the domain.
