I have a PR up to add snowtrace.io to our CSP so you will not get CORS errors. It should be released next week.
However, the actual call for contracts/proposals is made through the provider injected to the browser via Metamask (or similar), so if it may require updating a config there.