I have an add-on which about bookmarks and this add-on have ‘drag and drop feature’ in add-on page. When I change “security.csp.enable” in “about:config”, there isn’t any error.
But normally, when I want to run my add-on, console says “Content Security Policy” and this warn repeat the number of “ondrop=function()” and “ondragover=function2()” numbers.
So, my add-on is still review. How can I solve this problem?
Turning CSPs off globally obviously won’t work. Normally, you could add 'unsafe-inline' to the pages/extensions own CSP, but Firefox explicitly forbids that (and there are good reasons for that).
Solution: you can’t use inline code. Everything must be placed in separate .js files bundles with your extension.
To add your listeners, use document.querySelector('#some-css-selector').addEventListener('event', callback)