Content Security Policies (CSP) and Custom UI issue

Hey! Does anyone know what I am doing wrong?
I’m trying to implement ffmpeg in my Custom UI application and I can’t fix this console error:

Refused to load the script 'blob:https://92f5e87e-5f2a-4c8c-951e-08a1ba2f14c5.cdn.prod.atlassian-dev.net/5aa86812-58e0-4748-8894-8750a3153d6d' because it violates the following Content Security Policy directive: "script-src 'self' https://forge.cdn.prod.atlassian-dev.net 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' 'sha256-bOtzk1dUloN05g/LIFdqemUqePLDBuIpdj71nJ6aExc=' https://unpkg.com/@ffmpeg/core@0.10.0/dist/ffmpeg-core.js https://forge.cdn.prod.atlassian-dev.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I try everything in my manifest.yml:

permissions:
  external:
    scripts:
      - 'https://unpkg.com/@ffmpeg/core@0.10.0/dist/ffmpeg-core.js'
      - 'https://forge.cdn.prod.atlassian-dev.net'
    fetch:
      backend:
        - '*.cdn.prod.atlassian-dev.net'
        - '*.cdn.prod.atlassian-dev.net/ac109162-2b01-4'
        - '*.unpkg.com'
        - 'unpkg.com'
        - '*.unpkg.com/@ffmpeg/core@0.10.0/dist/ffmp'
        - 'https://unpkg.com/@ffmpeg/core@0.10.0/dist/ffmpeg-core.js'
        - 'https://forge.cdn.prod.atlassian-dev.net'
      client:
        - '*.cdn.prod.atlassian-dev.net'
        - '*.cdn.prod.atlassian-dev.net/ac109162-2b01-4'
        - '*.unpkg.com'
        - 'unpkg.com'
        - '*.unpkg.com/@ffmpeg/core@0.10.0/dist/ffmp'
        - 'https://unpkg.com/@ffmpeg/core@0.10.0/dist/ffmpeg-core.js'
        - 'https://forge.cdn.prod.atlassian-dev.net'
  content:
    scripts:
      - 'unsafe-hashes'
      - 'unsafe-eval'
      - 'unsafe-inline'
  scopes:
    - 'write:jira-work'
    - 'read:jira-work'
    - 'read:jira-user'
    - 'manage:jira-project'
    - 'manage:jira-configuration'
1 Like