STR:

1. Load this TreeHerder log:
   https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=275631304
2. (optional) Open the devtools console (F12 or Ctrl+Shift+K)
3. Click the "open analyzer" link at the top.

ACTUAL RESULTS:

• The analyzer stays on the "load reftest log" screen (it doesn't successfully get the log)
• Web Console says:

Content Security Policy: The page’s settings blocked the loading of a resource at https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task…QXy0yZ4HJioOKw/runs/0/artifacts/public/logs/live_backing.log (“connect-src”).

EXPECTED RESULTS:

• Reftest analyzer should successfully analyze the log and get to the compare-screenshots view.
• There shouldn't be a CSP error (i.e. we should use a CSP that permits our hosted reftest-analyzer to load the log)

Side note: from clicking around on TreeHerder, it looks like a lot of logs are hosted on queue.taskcluster.net which works just fine for reftest-analyzer. This particular one lives on firefox-ci-tc.services.mozilla.com for some reason, and that domain has this CSP issue, it seems.

Actually, I'm seeing similar issues for queue.taskcluster.net logs as-viewed-in-the-shortlog.

E.g. this URL gives me "Network error when attempting to fetch resource" in the bottom-half (log-viewing) portion, for a queue.taskcluster.net URL, and the console says it's a CSP issue:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=272726453&repo=autoland&lineNumber=2944

Content Security Policy: The page’s settings blocked the loading of a resource at https://queue.taskcluster.net/v1/task/DiX5J0KxTHWTmxMTwcaMtQ/runs/0/artifacts/public/logs/live_backing.log (“connect-src”).

...though that one does let itself be viewed in reftest-analyzer, so maybe it's permissive for some domains but not all of the ones that we need to be permissive for?