The solution was to remove the Adobe analytics script until our
operation guys could add the necessary CSP headers in production.The
call that stopped the events from propagating was the first call to the
analytics subdomain of the main site. The script made another call to
secure-ds.serving-sys.com which failed as well (it was blocked by the
CSP headers). But that didn't break the site.
I noticed that the sattelite lib script stops the propagation of click
events on a button if the network request to the analytics server is not
successful. Unfortunately some ad or tracking blockers block the
analytics domain so this happens quite often.In that case things like
the hamburger menu stop working. When I remove the analytics script from
the page everything works fine.