Content Security Policy Violation - preventing app search

When going to the main page https://f-droid.org/ I get the following errors in FireFox:

Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively. Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://f-droid.org”). Source: (function(a,w,v,I){var c={safeWindow:{},.... f-droid.org:1 Content Security Policy: The page’s settings blocked the loading of a resource at https://f-droid.org/assets/roboto.ttf (“default-src 'none'”).

And in Chromium I get the following:

Refused to load the font 'https://f-droid.org/assets/roboto.ttf' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback. f-droid.org/:1

If I enter a search term (in my case it was "timesheet") on the main page in the "Find Apps" section and press Return, I get the following error in FF:

Content Security Policy: The page’s settings blocked the loading of a resource at https://staging.f-droid.org/search (“form-action https://f-droid.org”). Failed to load resource: the server responded with a status of 500 (Internal Server Error) f-droid.org/

and in Chromium, respectively:

Refused to send form data to 'https://staging.f-droid.org/search' because it violates the following Content Security Policy directive: "form-action 'self'". f-droid.org/:1

Firefox user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0

Chromium user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/64.0.3282.167 Chrome/64.0.3282.167