Firefox 45 has fixed a Content Security Policy (CSP) implementation bug where dedicated workers were erroneously “inheriting” the policy of the parent document when
importScripts was used.
In the meantime, embedded workers do inherit the parent policy, but make sure your
Blob has a valid script MIME type such as
default-src directive is applied to the worker instead of
script-src, potentially leading to an unexpected CSP error. Yandex.Disk is broken on Firefox 45 due to this restriction.
Update: The issue on Yandex.Disk has been solved by the Yandex team.