This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
https://github.com/Polymer/vulcanize#content-security-policy seems relevant.
Moved to https://github.com/w3c/webcomponents/issues/215