Release Notes / Version 12.2404
The Content Security Rules for Studio Client have been hardened to prevent attackers from uploading JavaScript code into CMS Content and exploiting possible XSS vulnerabilities to execute that code in the context of another Studio user. If you have added any custom scripts to Studio Client which are not deployed under the paths /packages/ or /resources/, they will now be blocked by the stricter CSP rules, which is reported in the browser console.

To fix this, you need to allow-list those scripts in apps/studio-client/apps/main/base-app/sencha/resources/config-init.js by adding their paths to the allow-list [..., "resources/", "packages/"].

(CMS-22221)
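
To find out which custom script locations the stricter rules block before editing the allow-list, the browser's CSP violation events can be collected and reduced to path prefixes. This is an added example, not CoreMedia code; the function names, the sample origin and the assumption that allow-list entries are matched as path prefixes relative to the Studio origin are illustrative.

```javascript
// Added example, not CoreMedia code. Entries are the two shown in the release note.
const ALLOW_LIST = ["resources/", "packages/"];

// Assumption: an entry matches when the script path, relative to the Studio
// origin, starts with it.
function isAllowed(path, allowList) {
  return allowList.some((prefix) => path.startsWith(prefix));
}

// Reduce CSP violation records to the same-origin script locations that are
// blocked and not yet covered by the allow-list.
function blockedScriptDirs(violations, origin, allowList = ALLOW_LIST) {
  const dirs = new Set();
  for (const v of violations) {
    // Only script loads are relevant; img-src, style-src etc. are skipped.
    if (!String(v.effectiveDirective).startsWith("script-src")) continue;
    // blockedURI may be a keyword ("inline", "eval") instead of a URL.
    if (!/^https?:\/\//.test(v.blockedURI)) continue;
    const url = new URL(v.blockedURI);
    if (url.origin !== origin) continue; // foreign hosts are a separate decision
    const path = url.pathname.replace(/^\/+/, "");
    if (isAllowed(path, allowList)) continue;
    const cut = path.lastIndexOf("/");
    // A script in the web root is reported by file name, never as "" (which
    // would match every path).
    dirs.add(cut >= 0 ? path.slice(0, cut + 1) : path);
  }
  return [...dirs].sort();
}

// Constructed sample records shaped like SecurityPolicyViolationEvent objects.
const SAMPLE_ORIGIN = "https://studio.example.test";
const SAMPLE = [
  { effectiveDirective: "script-src-elem", blockedURI: SAMPLE_ORIGIN + "/custom/widgets/init.js" },
  { effectiveDirective: "script-src-elem", blockedURI: SAMPLE_ORIGIN + "/custom/widgets/extra.js" },
  { effectiveDirective: "script-src-elem", blockedURI: SAMPLE_ORIGIN + "/resources/app.js" },
  { effectiveDirective: "script-src", blockedURI: "inline" },
  { effectiveDirective: "img-src", blockedURI: SAMPLE_ORIGIN + "/custom/logo.png" },
  { effectiveDirective: "script-src-elem", blockedURI: SAMPLE_ORIGIN + "/legacy.js" },
];

// In a browser: collect real violations while clicking through Studio.
if (typeof document !== "undefined") {
  const seen = [];
  document.addEventListener("securitypolicyviolation", (e) => {
    seen.push(e);
    console.table(blockedScriptDirs(seen, location.origin));
  });
}
```

Violations reported as "inline" are skipped deliberately: they indicate script embedded in markup rather than a deployed file, so a path entry in the allow-list does not address them.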