.font_src(CSP.ALL)
.report_uri(CSPReporterServlet.URL);
// note that chrome-extensions can cause violations, and we don't generally care.
if (doesUrlAllowInline(url)) {
p.script_src(CSP.SELF, CHROME_EXTENSION, CSP.UNSAFE_EVAL, CSP.UNSAFE_INLINE)
.style_src(CSP.SELF, CHROME_EXTENSION, CSP.UNSAFE_INLINE);
} else {
p.script_src(CSP.SELF, CHROME_EXTENSION)
.style_src(CSP.SELF, CHROME_EXTENSION);
}