Help: Content Security problem when loading my own javascript assets #5085

My javascript assets is built from react
It works well by itself.

But when I load my own javascript assets in redash
I got these errors:

Refused to execute inline script because it violates the following Content Security Policy directive: “default-src *”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-YM8uI2F+VfHULiDF1T+UCYmPwssvvWleyz5k2gtmTQo=’), or a nonce (‘nonce-…’) is required to enable inline execution. Note also that ‘script-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

localhost/:13 Refused to execute inline script because it violates the following Content Security Policy directive: “default-src *”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-+SgnNI1LpzxFqZ3RqS4f1ACa8GIyDivfy6TfgwLiXJ8=’), or a nonce (‘nonce-…’) is required to enable inline execution. Note also that ‘script-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

localhost/:1 Refused to apply style from ‘http://localhost:5000/umi.css’ because its MIME type (‘text/html’) is not a supported stylesheet MIME type, and strict MIME checking is enabled.
localhost/:1 Refused to execute script from ‘http://localhost:5000/umi.server.js’ because its MIME type (‘text/html’) is not executable, and strict MIME type checking is enabled.