Content Security Policies (CSP) and Custom UI issue when integrate with Facebook

I’m trying to integrate with facebook login in Forge custom UI app and I cant’ fix this error:

Refused to load the script 'https://connect.facebook.net/en_US/sdk.js' because it violates the following Content Security Policy directive: "script-src 'self' https://forge.cdn.prod.atlassian-dev.net 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

my manifest.yml:

permissions:
  content:
    styles:
      - 'unsafe-inline'
    scripts:
      - 'unsafe-hashes'
      - 'unsafe-inline'
  external:
    scripts:
      - 'https://connect.facebook.net/en_US/sdk.js'
    images:
      - '*'
    fetch:
      client:
        - '*'
      backend:
        - '*'