xxxxxxxxxx <!-- for heroku, replace the CSP in Star Track with this --> <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com https://api.spotify.com https://*.herokuapp.com 'unsafe-eval' 'unsafe-inline' ws://*.herokuapp.com ws://localhost:3000; style-src 'self' 'unsafe-inline'; media-src *; img-src * data:">