Manifest auto injecting CSP #86

@troygidney

I am trying to install the extension on Firefox; when I do, I am met with this error:
Warning details Reading manifest: Error processing content_security_policy.extension_pages: “script-src” directive contains a forbidden http: protocol source

I have found that in the manifest it is auto injecting
"content_security_policy": { "extension_pages": "script-src 'self' http://localhost;object-src 'self';" }

In version 3 of the manifest, you cannot reference a remote script with script-src anymore; moreover, it also does not allow http requests. I cannot find out why this is happening. I can only figure out that this is being injected on compile.

I discovered this while looking for the issues for #67

If you go to the compiled manifest in build/firefox and edit the manifest and CSP by removing the localhost injection, it starts working. I do not know Firefox well enough to figure this out right now.
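
A check for the problem reported above, as an added example that is not part of the original issue or the project's code: it parses the `extension_pages` policy of a built manifest, lists sources outside the assumed Manifest V3 allowlist (`'self'`, `'none'`, `'wasm-unsafe-eval'`), and returns the policy with them removed. The function names and the sample manifest object are constructed for illustration.

```javascript
// Assumption: MV3 accepts only these sources in the restricted directives below.
const ALLOWED_SOURCES = new Set(["'self'", "'none'", "'wasm-unsafe-eval'"]);
const RESTRICTED = new Set(["script-src", "object-src", "worker-src"]);

// Split a CSP string into [directiveName, [sources...]] pairs.
function parseCsp(policy) {
  return policy
    .split(";")
    .map((part) => part.trim().split(/\s+/).filter(Boolean))
    .filter((tokens) => tokens.length > 0)
    .map(([name, ...sources]) => [name.toLowerCase(), sources]);
}

// Return every source in a restricted directive that is not on the allowlist.
function findForbiddenSources(policy) {
  return parseCsp(policy)
    .filter(([name]) => RESTRICTED.has(name))
    .flatMap(([name, sources]) =>
      sources
        .filter((s) => !ALLOWED_SOURCES.has(s.toLowerCase()))
        .map((source) => ({ directive: name, source })));
}

// Rebuild the policy without forbidden sources; an emptied directive becomes 'none'.
function stripForbiddenSources(policy) {
  return parseCsp(policy)
    .map(([name, sources]) => {
      if (!RESTRICTED.has(name)) return [name, ...sources].join(" ");
      const kept = sources.filter((s) => ALLOWED_SOURCES.has(s.toLowerCase()));
      return [name, ...(kept.length ? kept : ["'none'"])].join(" ");
    })
    .join("; ") + ";";
}

// Constructed sample: the CSP value quoted in the issue, as found in the built manifest.
const builtManifest = {
  manifest_version: 3,
  content_security_policy: {
    extension_pages: "script-src 'self' http://localhost;object-src 'self';",
  },
};

// Audit one manifest object: what is forbidden, and what the policy should be.
function auditManifest(manifest) {
  const policy = manifest.content_security_policy?.extension_pages ?? "";
  return { findings: findForbiddenSources(policy), fixed: stripForbiddenSources(policy) };
}
console.log(auditManifest(builtManifest));
```

Run as a post-build step against `build/firefox`, a non-empty `findings` list can fail the build before the extension is loaded into the browser.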
