Search

If you add Meilisearch to a frontend and forget CSP, search is often the first thing to break. Not because Meilisearch is weird, but because CSP is doing exactly what you asked: block outbound requests, workers, inline scripts, and third-party assets unless you explicitly allow them. I’ve seen this happen a lot with search UIs. Everything works locally, then production starts throwing errors like: Refused to connect to 'https://search.example.com/indexes/movies/search' because it violates the following Content Security Policy directive: "connect-src 'self'". That’s the core of CSP for Meilisearch: connect-src. Most Meilisearch integrations are browser code making fetch or XHR requests to your Meilisearch host. If that host is not allowed, search dies. ...