Content Security Policy violations in browsers when using an origin-*-redirect authentication mode