Firefox extension - cdn access to the html page

Adrian0012 · November 1, 2020, 12:33am

I am looking to get access to jsdelivr cdn ( or any other cnd for that matter ) in the html page.
From the research I have done this is being done in the content_script and content_security_policy but no matter no matter what I have done I still get the following error

Content Security Policy: The page’s settings blocked the loading of a resource at https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js (“script-src”).

here is my manifest and hopefully someone can point me in the right direction

      "background": {
        "scripts": ["background.js"],
        "page": "my-page.html"
      },
    
      "content_scripts": [
        {
          "matches": ["<all_urls>"],
          "js": ["https://code.jquery.com, https://*.cdn.jsdelivr.net/npm"]
        }
      ],
    
      "browser_action": {
        "default_icon": "icons/page-32.png"
      },
    
      "content_security_policy": "script-src 'self' https://*.cdn.jsdelivr.net/npm;  object-src 'self'",
    
      "permissions": [
        "tabs",
        "storage"
      ]
    
    }

freaktechnik · November 1, 2020, 1:24am

You have to include all libraries within your extension.

juraj.masiar · November 1, 2020, 7:54am

Also avoid using content_security_policy in your manifest unless you 100% sure you need it. Else your addon may get rejected by the reviewer.

extensions with ‘unsafe-eval’, ‘unsafe-inline’, remote script, blob, or remote sources in their CSP are not allowed for extensions listed on addons.mozilla.org due to major security issues.

MDN