Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
Because the contentScript.js injects a payload into the user-space to access the Three objects, CSP settings can prevent inline script injections. No immediately solutions come to mind for debugging arbitrary three scenes, although we might be able to tag the script such that site owners can make an exception to the injected code (maybe by not inlining it and instead reference the allowlisted extension source, maybe an SRI attribute although that'd change for every release).
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
Because the contentScript.js injects a payload into the user-space to access the Three objects, CSP settings can prevent inline script injections. No immediately solutions come to mind for debugging arbitrary three scenes, although we might be able to tag the script such that site owners can make an exception to the injected code (maybe by not inlining it and instead reference the allowlisted extension source, maybe an SRI attribute although that'd change for every release).