I’m trying to build an extension that uses IP geolocation data to show a different panel based on country (to show country specific sponsors).
However I get:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://a5uipe7uq1s4tjmuqvym52ryjtdz0p.ext-twitch.tv https://extension-files.twitch.tv https://www.google-analytics.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style
But I have no inline scripts outside the bundle as you can see in the source below, I initially used an onload event but switched to the button for testing.
The script calls on an API over at https://ipinfo.io/ but its on my whitelist in the dev panel under connect-src but it doesn’t even seem to get that far
it worked fine on the rig and local hosting, so I know the code is good, but need to figure out why its running afoul of the CSP rules when as far as I can tell it meets them