The cross_origin_src variable which is defined as "https://{{domains[www]}}:{{ports[https][0]}}" + same_origin_src; is not actually substituted with environment information about the server.

The probable reason is that this variable is defined in a .js file (not in a .html).