'Chrome Extension: Refused to load the script, because it violates the following Content Security Policy directive: "script-src 'self'"

I'm trying to add a game to Chrome Web Store as an extension, but I'm having some problems with it. The game is made in Unity3D.

The Error:

Refused to load the script 'blob:chrome-extension://laacabdjcfgafjkeclplanjohdbpapgn/88f06275-2339-4218-a7c4-ab954cbaafdc' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

The code where the error is triggered:

function f() {
        return d("frameworkUrl").then(function(e) {
            var t = URL.createObjectURL(new Blob([e], {
                type: "application/javascript"
            }));
            return new Promise(function(e, n) {
                var r = document.createElement("script");
                r.src = t, r.onload = function() {
                    var n = unityFramework;
                    unityFramework = null, r.onload = null, URL.revokeObjectURL(t), e(n)
                }, document.body.appendChild(r), c.deinitializers.push(function() {
                    document.body.removeChild(r)
                })
            })
        })
    }

The exact line:

 }, document.body.appendChild(r), c.deinitializers.push(function() {

Image: Error from Chrome Extension Dashboard in Developer Mode

The extension is using Manifest Version 3. No external scripts/resources are being used. I'm trying for some days to solve this, but I couldn't make it.

Has anybody tried something like this and could help me? Or maybe you have an idea... I'm open to it.

Thanks! :)



Solution 1:[1]

Your code try to add external script t to the extension page. It is conceptually prohibited in manifest V3 for security reason. Actually, CSP directive script-src 'self' prohibits that.

https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#content-security-policy

You cannot execute external code also in content script.

https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#executing-arbitrary-strings

If you want to execute external code, you can execute it in sandbox page.

https://developer.chrome.com/docs/extensions/mv3/manifest/sandbox/

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 hashed tomato