No matter what I do, my popup keeps returning this error: "Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://s3.tradingview.com/tv.js". Either the 'unsafe-inline' keyword, a hash ('sha256-RtrTopek4SlRj1jJ/Err6CDLFxdi7+ka5mWfZxTAPfY='), or a nonce ('nonce-...') is required to enable inline execution."

I've tried everything to fix it, including pasting the source JS and running it separately. I've used the content_security_policy in the manifest, but that doesn't seem to work. Are there any options I can try to fix this? My manifest.json is below,

    {
      "name": "Stellar Lumens Price Tracker",
      "version": "1.1",
      "manifest_version": 2,
      "description": "Display the price of Stellar Lumens right in your browser.",
      "content_security_policy": "script-src 'self' https://s3.tradingview.com/tv.js; object-src 'self'",
      "browser_action": {
        "default_title": "Stellar Lumens Price Tracker",
        "default_popup": "popup.html",
        "default_icon": "stellar.png"
      },
      "background": {
        "scripts":["price.js", "popup.js"],
        "persistent": true
      }
    }

HTML and JS Code,

    <!DOCTYPE html>
    <html>
      <head>
        <title></title>
      </head>
      <body style="width: 750px; height: 400px">
        <div class="tradingview-widget-container">
          <div id="tradingview_e4c1e"></div>
          <div class="tradingview-widget-copyright"><a href="https://www.tradingview.com/symbols/BINANCE-XLMUSD/" 
            rel="noopener" target="_blank"><span class="blue-text">XLMUSD chart</span></a> by TradingView</div>
          <script type="text/javascript" src="https://s3.tradingview.com/tv.js"></script>
          <script type="text/javascript">
          new TradingView.widget(
          {
            "width": 750,
            "height": 400,
            "symbol": "BINANCE:XLMUSD",
            "interval": "D",
            "timezone": "Etc/UTC",
            "theme": "Dark",
            "style": "1",
            "locale": "en",
            "toolbar_bg": "rgba(0, 0, 0, 1)",
            "enable_publishing": false,
            "container_id": "tradingview_e4c1e"
        });
          </script>
        </div>
      </body>
    </html>
  • 1. Don't use inline js, use a separate file ([more info](https://stackoverflow.com/a/25721457)), 2. never trust remote code to run in the highly privileged context of an extension because the server may be hacked or MitM-spoofed. Put the js file in your extension package and load it locally. – wOxxOm Jul 29 '18 at 21:36
  • It worked! Thanks! – cjenwere Jul 29 '18 at 23:20
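
A pre-packaging check for the two problems named in the comment above, written as an added example (it is not code from the question or from either commenter). It flags inline `<script>` bodies and remotely hosted script URLs in a popup page, plus non-local sources in the manifest's `script-src`; the function names, the regex-based scanning and the `widget.js` file name are assumptions made for illustration.

```javascript
// Added example: audit an extension popup and its manifest CSP.
// Assumption: regex scanning is enough for a small popup; use an HTML parser for real builds.
const SCRIPT_TAG = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
const SRC_ATTR = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
const REMOTE = /^(?:[a-z][a-z0-9+.-]*:)?\/\//i; // https://..., http://..., //host/...

// Report every <script> that is inline or loaded from outside the package.
function auditPopupHtml(html) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_TAG)) {
    const src = SRC_ATTR.exec(m[1]);
    if (!src) {
      const body = m[2].trim();
      if (body) findings.push({ rule: 'inline-script', detail: body.slice(0, 40) });
      continue;
    }
    const url = src[1] ?? src[2] ?? src[3];
    if (REMOTE.test(url)) findings.push({ rule: 'remote-script', detail: url });
  }
  return findings;
}

// Report script-src entries that widen the policy beyond packaged files.
function auditCsp(csp) {
  const findings = [];
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'script-src') continue;
    for (const s of sources) {
      if (s === "'unsafe-inline'" || s === "'unsafe-eval'") {
        findings.push({ rule: 'unsafe-keyword', detail: s });
      } else if (!s.startsWith("'")) {
        // Unquoted entries are host or scheme sources, i.e. code from outside the package.
        findings.push({ rule: 'external-source', detail: s });
      }
    }
  }
  return findings;
}

// Constructed samples: the question's script tags and CSP, then a local-only layout
// (widget.js is a hypothetical name for the file holding the former inline code).
const POPUP_BEFORE = `<script type="text/javascript" src="https://s3.tradingview.com/tv.js"></script>
<script type="text/javascript">new TradingView.widget({"symbol": "BINANCE:XLMUSD"});</script>`;
const POPUP_AFTER = `<script src="tv.js"></script>\n<script src="widget.js"></script>`;
const CSP_BEFORE = "script-src 'self' https://s3.tradingview.com/tv.js; object-src 'self'";
const CSP_AFTER = "script-src 'self'; object-src 'self'";

console.log(auditPopupHtml(POPUP_BEFORE), auditCsp(CSP_BEFORE));
console.log(auditPopupHtml(POPUP_AFTER), auditCsp(CSP_AFTER));
```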

0 Answers