Serv-U v184.108.40.2067 and v220.127.116.113 appear to have a bug with Content Security Policy (CSP).
I noticed that the close button in the pop-up alert boxes no longer works. Nothing happens when you click it.
I used Firefox Developer Tools and see that there are a lot of the following errors in the console:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
All of those errors point to /Common/Scripts/functions.js.
From Chrome's console:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'nonce-55BC88D536EF3A05E6913515E5CB285B'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
Chrome errors point to index
This issue is not present in v15.2.2.