With 22.214.171.124, the CSP handling changed, at least for Run in Desktop and Deploy to Local Folder. Prior to 126.96.36.199, the CSP was ignored for these deployment methods. That means that there was no meta tag created. Which means, for most browsers, to allow some same domain access. If you have a CSP, it must be specific as to exactly what can access what.
I recommend, to eliminate the CSP aspect of this question, is to remove the CSP property from the Project properties (it’s new location in 188.8.131.52) completely. If you’re adding the CSP manually, then I would eliminate that injection.