.glb with draco_decoder: Blob and Worker denied by the document's Content Security Policy


I’m trying to load Draco compressed Gltf assets locally, but either the Worker and the Blob assets are returning ‘Content Security Policy’ errors when I’m loading and/or processing my assets.

Is there any workaround to use .glb compressed assets, like some URL tricks or something?

Here is an example of my 2 errors:

game.js:2 Refused to connect to ‘blob:https://my-ext-subdomain.ext-twitch.tv/f2393609-c468-439f-a5bd-62e23142e138’ because it violates the document’s Content Security Policy.

game.js:2 Uncaught (in promise) DOMException: Failed to construct ‘Worker’: Access to the script at ‘blob:https://my-ext-subdomain.ext-twitch.tv/23369d0b-e5e3-4450-a849-eb1d7a82640e’ is denied by the document’s Content Security Policy.
at https://my-ext-subdomain.ext-twitch.tv/ttmt15ie1wtpb0ohdmjqqgmy8mi8wp/0.0.3/aadc5a8a29f1770f643cb32e7180b210/build/game.js:2:100472

Thanks for any help.

If blobs are supported (not sure if not)

But extensions are uplaoded into

A sub folder, and you tried to load the blob from the “root” of the domain instead of the same folder. You need to use a relative link to your resource, not an absolute link.

There is not file at :https://my-ext-subdomain.ext-twitch.tv/f2393609-c468-439f-a5bd-62e23142e138 so it 404’ed and the 404 page didn’t include CORS headers, so you got a misleading error

Edit: additional notes from Discord, blobs may be disallowed as they fall under the eval rule and evals are not allowed

Section 2.6 https://dev.twitch.tv/docs/extensions/guidelines-and-policies