Content security policy (CSP) error while doing SSO with Azure AD via MSAL in angular


I am developing SSO functionality with Azure AD via MSAL in an Angular application. I am getting this error.

polyfills.9c9523e6b18dcf83.js:1 Refused to connect to 'https://login.microsoftonline.com/common/oauth2/v2.0/token' because it violates the following Content Security Policy directive: "connect-src 'self' wss:".
polyfills.9c9523e6b18dcf83.js:1 Refused to connect to 'https://login.microsoftonline.com/common/oauth2/v2.0/token' because it violates the document's Content Security Policy.

Content-Security-Policy meta tag in index.html

  <meta http-equiv="Content-Security-Policy"
    content="default-src 'self';
    script-src 'self' 'unsafe-inline';
    style-src 'self' 'unsafe-inline';
    object-src 'none';
    base-uri 'self';
    connect-src 'self' https://login.microsoftonline.com/common/oauth2/v2.0/token;
    font-src 'self';
    frame-src 'self';
    img-src 'self';
    manifest-src 'self';
    media-src 'self';
    worker-src 'none';">



Refer to my SO thread answer here.

When I add the below URL, I face the same error code as yours.

https://login.microsoftonline.com/common/oauth2/v2.0/token

When I change it to below URL, the error is resolved.

https://login.microsoftonline.com;

index.html:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Your Angular App</title>
<base href="/">
 
<meta http-equiv="Content-Security-Policy"
    content="default-src 'self';
    script-src 'self' 'unsafe-inline';
    style-src 'self' 'unsafe-inline';
    object-src 'none';
    base-uri 'self';
    connect-src 'self' https://login.microsoftonline.com;
    font-src 'self';
    frame-src 'self';
    img-src 'self';
    manifest-src 'self';
    media-src 'self';
    worker-src 'none';">
 
  <meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<app-root></app-root>
</body>
</html>

Output:

It ran successfully as below,

[screenshot]

I was able to sign in as below.

[screenshot]
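As an added illustration (not code from the question, the answer or MSAL), the following JavaScript applies the CSP source-matching rules a browser uses to the two policies visible on this page: the meta tag's connect-src, and the directive quoted in the error (`connect-src 'self' wss:`), which does not appear in the meta tag and so presumably arrives as a second policy, such as an HTTP response header (an assumption; the page does not show the headers). It shows that every delivered policy must allow a request and that a path-bearing source such as the full token URL matches only that exact path; the page origin, the sibling URL and the helper names are constructed.

```javascript
// Added illustration: a small CSP connect-src matcher (not browser or MSAL code).
// Host-source rules applied: scheme, host, port, and path, where a path-bearing
// source matches that exact path only (a prefix when the source path ends in "/").

function parsePolicy(policy) {
  // "default-src 'self'; connect-src 'self' https://x" -> Map(directive -> [sources])
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  return directives;
}

function sourceAllows(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source === "'none'") return false;
  // A scheme-source such as "wss:" matches any host over that scheme only.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // Scheme-less host-sources are treated as https here (simplification).
  const src = new URL(source.includes("://") ? source : "https://" + source);
  if (source.includes("://") && src.protocol !== url.protocol) return false;
  if (src.hostname !== url.hostname || src.port !== url.port) return false;
  if (src.pathname === "/") return true; // no path given: the whole host is allowed
  return src.pathname.endsWith("/") ? url.pathname.startsWith(src.pathname) : url.pathname === src.pathname;
}

function blockingPolicies(policies, requestUrl, pageOrigin) {
  // Every delivered policy (meta tag and/or HTTP header) must allow the request;
  // connect-src falls back to default-src when absent. Returns the indices that block.
  const url = new URL(requestUrl);
  const blocked = [];
  policies.forEach((policy, i) => {
    const d = parsePolicy(policy);
    const sources = d.get("connect-src") ?? d.get("default-src");
    if (sources && !sources.some((s) => sourceAllows(s, url, pageOrigin))) blocked.push(i);
  });
  return blocked;
}

// Constructed inputs: the page's two meta-tag variants, the header-style policy quoted
// in the error message, and a sample page origin.
const PAGE = "https://app.example";
const TOKEN = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
const META_PATH = "default-src 'self'; connect-src 'self' " + TOKEN;
const META_HOST = "default-src 'self'; connect-src 'self' https://login.microsoftonline.com";
const HEADER = "connect-src 'self' wss:";

// The meta tag alone allows the token URL (exact path match); the header policy blocks it.
console.log(blockingPolicies([META_PATH], TOKEN, PAGE), blockingPolicies([META_PATH, HEADER], TOKEN, PAGE));
```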