If I just clone down the project, bun install, bun run build, I'm still getting CSP errors in the popup.html.
Pretty sure it's just from the nuxt color script but wasn't able to disable it using colorMode: false etc..
popup-DoL26-5G.js:17 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-tYCcUbFfjZ9QESuTWESGWrFg2SmiEdyD2MYUfRWUgK0='), or a nonce ('nonce-...') is required to enable inline execution.
e._domUpdatePromise.e._domUpdatePromise.Promise.finally.e._domUpdatePromise @ popup-DoL26-5G.js:17Understand this error
popup-DoL26-5G.js:17 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-tYCcUbFfjZ9QESuTWESGWrFg2SmiEdyD2MYUfRWUgK0='), or a nonce ('nonce-...') is required to enable inline execution.
Maybe it's not even that script but seems likely, here is what the head looks like of the popup after render.
Guessing: <script>document.head.removeChild(document.querySelector('[data-nuxt-ui-colors]'))</script>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Default Popup Title</title>
<meta name="manifest.type" content="browser_action">
<script type="module" crossorigin="" src="/chunks/popup-DoL26-5G.js"></script>
<link rel="stylesheet" crossorigin="" href="/assets/popup-_EqiFsAD.css">
<style data-nuxt-ui-colors="">@layer base {
:root {
--ui-color-primary-50: var(--color-green-50, oklch(98.2% 0.018 155.826));
--ui-color-primary-100: var(--color-green-100, oklch(96.2% 0.044 156.743));
...
}</style>
<style id="nuxt-ui-colors">@layer base {
:root {
--ui-color-primary-50: var(--color-green-50, oklch(98.2% 0.018 155.826));
--ui-color-primary-100: var(--color-green-100, oklch(96.2% 0.044 156.743));
.....
}
}</style>
<script>document.head.removeChild(document.querySelector('[data-nuxt-ui-colors]'))</script></head>
If I just clone down the project, bun install, bun run build, I'm still getting CSP errors in the popup.html.
Pretty sure it's just from the nuxt color script but wasn't able to disable it using colorMode: false etc..
popup-DoL26-5G.js:17 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-tYCcUbFfjZ9QESuTWESGWrFg2SmiEdyD2MYUfRWUgK0='), or a nonce ('nonce-...') is required to enable inline execution.
e._domUpdatePromise.e._domUpdatePromise.Promise.finally.e._domUpdatePromise @ popup-DoL26-5G.js:17Understand this error
popup-DoL26-5G.js:17 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-tYCcUbFfjZ9QESuTWESGWrFg2SmiEdyD2MYUfRWUgK0='), or a nonce ('nonce-...') is required to enable inline execution.
Maybe it's not even that script but seems likely, here is what the head looks like of the popup after render.
Guessing:
<script>document.head.removeChild(document.querySelector('[data-nuxt-ui-colors]'))</script>