In the extension settings, into Capabilities tab, the new CSP settings allow me to customize img-src, media-src and connect-src directives.
What about the script-src directive? Should I add that directly into the header of my index.html file?
It seems that one of the google firebase script that I use (I have no control over it) is trying to randomly add a script to my extension html which is blocked.
How should I proceed?
The google firebase package is included in my bundle, but the code is trying to import a script at runtime (manipulating dom and adding a script tag). I have no control over this. What should I do?
Sounds like this version of Firebase is not supported for Twitch Extension or you need to read further on firebase on how to tell firebase not to do this