solomonkinard
commented
3 years ago Valid MV3 CSP directives for {script,object,worker}-src are {self,none,localhost,127.0.0.1}.. https://github.com/GoogleChromeLabs/extension-manifest-converter/pull/6 should address this once it's merged. This is being addressed by adding a line in the output log. That's preferred over automating such changes which may lead to unexpected results. https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#content-security-policy has more information on CSP for MV3.
I converted content_security_policy and met issue :
'content_security_policy.extension_pages': Insecure CSP value "https://www.google-analytics.com" in directive 'script-src'. Could not load manifest.What can I do to bypass the issue ?