I have an application that provides event management and calendar tools for game developers and tournament organizers:
We are currently working on a Twitch extension that allows our users to embed a list of their upcoming events in their channel. Twitch users can add the events listed to their google or apple calendars, or click into the event itself in order to open our website and get more information.
Currently when our extension attempts to open a URL in the mobile Twitch app the webview pops up but then the site fails to load because it says it violates the Content Security Policy.
Do I need to whitelist the URLs of libraries being pulled by my app? For instance we use firebase for authentication would this be the reason it is violating CSP?
Any help would be appreciated, thanks!