Yes I agree, our hope is to further expand the twitch extension to provide views with additional event info instead of linking out to our site. However, for our MVP we are opting to link out the website as we also have login/logout functionality for calendar syncing and other features we would like to bring to the extension.
OK so I have whitelisted app.readyup.com which is the root domain of all my links, and the site itself is SSL compliant so I am still unsure as to what would be violating CSP here?
The site does load external libraries, do I also have to whitelist these domains or, as I am assuming from your comment that as long as they are loading over HTTPS with valid SSL they should be fine?
Do you have any additional tips as to how I would track down what it is about app.readyup.com that violates twitch CSP?