The new default CSP was preventing SJR and Turbolinks redirects from working out the box, as described in #31273. The default was changed to unsafe_line in 0f7d3b6, but the proper fix is to use the...