I created a browser extension based on ReactJS, meaning that all the JS and CSS gets minified, uglified and whatnot and loaded in a single HTML file. While testing it locally, I used
INLINE_RUNTIME_CHUNK=false env variable during the build phase to avoid CSP error and everything worked fine in Firefox and Chrome.
I submitted my extension to both Firefox and Chrome web stores, and both were approved, however, it looks like loading the extension in Firefox still results in CSP error and it’s unable to start, unlike in Chrome.
My current content policy in
manifest.json is defined as:
"content_security_policy": "script-src 'self'; object-src 'self'"
and the exact CSP error I’m getting is:
Content Security Policy: The page’s settings blocked the loading of a resource at inline ("script-src").
I (obviously) don’t have too much experience with browser extensions and CSPs, so I wonder if someone can assist me to get rid of that issue in Firefox? Any help or tip is extremely appreciated and if any more info is needed, please let me know.
Thank you very much in advance!