Hi
I’m trying to build an extension that uses IP geolocation data to show a different panel based on country (to show country specific sponsors).
However I get:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://a5uipe7uq1s4tjmuqvym52ryjtdz0p.ext-twitch.tv https://extension-files.twitch.tv https://www.google-analytics.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style
But I have no inline scripts outside the bundle as you can see in the source below, I initially used an onload event but switched to the button for testing.
The script calls on an API over at https://ipinfo.io/ but its on my whitelist in the dev panel under connect-src but it doesn’t even seem to get that far
it worked fine on the rig and local hosting, so I know the code is good, but need to figure out why its running afoul of the CSP rules when as far as I can tell it meets them
<!DOCTYPE html>
<html>
<head>
<title>Viewer Page</title>
</head>
<body">
<link rel="stylesheet" type="text/css" href="panel.css" />
<div id="app" class="full-height"></div>
<script src="https://extension-files.twitch.tv/helper/v1/twitch-ext.min.js"></script>
<script src="jquery-3.3.1.min.js"></script>
<script src="viewer.js" type="text/javascript"></script>
<h2>Hello Viewers</h2>
<p>If you are seeing this you are from a country where I do not currently have any suitable partner or affilate deals</p>
<button onclick=getIPLocation()>Testt</button>
</div>
</body>
</html>