I checked the similar post How to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work. I got the issue is related to CSP but however whats the policy I need to set is what I didn't get unfortunately.
I built a chrome extension which uses jsoneditor and that dependency creates this issue. When running the extension I am getting the following exception
Refused to load the script 'data:application/javascript;base64,....' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
and
Uncaught DOMException: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'data:application/javascript;base64,......' failed to load. at blob:chrome-extension://nlgocoglacibgkjnhaahkmepblhmelcp/765c13cb-44d4-480c-a6b1-29527766ae5e:1:1
In the SO question mentioned above urls like
https://cdn.firebase.com https://*.firebaseio.com; are included in content_security_policy.
In my example the script is not loaded from outside domain. How to set the right content_security_policy in this case?
The solution to the problem is the addition of script-src-elem 'self' data: blob:; in the content_security_policy in the manifest.json file.
Mine looks like the following,
"content_security_policy": "script-src 'self'; script-src-elem 'self' data: blob:; worker-src 'self' data: blob:; object-src 'self'"