CSP issues on Chrome 130+

[MJBlack9000]

When loading blank.org I'm greeted with a blank page and a console error:

content-script-loader.main.tsx.js:7 Refused to load the script 'chrome-extension://34ce7500-db6a-4957-a6e7-4b14953e21d6/assets/main.tsx-M-XeBlDr.js' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Workaround:
set "use_dynamic_url": false in dist/manifest.json

As far as I've gathered, there's no simple way to just tell crxjs to set "use_dynamic_url" to false. But I could be wrong, and I only did limited amount of research

Some helpful references:
crxjs/chrome-extension-tools#918
pnd280/complexity#7

P.S. Thank you for this project. A very useful out-of-the-box solution, nvm the bug above.

[MJBlack9000]

The quickest fix I could come up with [after trying a bunch of things with Vite's plug-ins & unsuccessfully following your HackIssue846 example], the quickest fix I came up with is to modify package.json's build:
"build": "tsc && vite build && sed -i 's/\"use_dynamic_url\": true/\"use_dynamic_url\": false/g' dist/manifest.json",
Obviously, this will only work on Unixes and even there - there might be some compatibility options between sed builds. But it works well for me on Linux.

[sage31]

Thanks MJ, heres a platform agnostic solution for windows users too

Inside update-manifest.js (in root directory)

import fs from "fs";
import path from "path";
const __dirname = import.meta.dirname;

const manifestPath = path.join(__dirname, "dist", "manifest.json");
const manifest = fs.readFileSync(manifestPath, "utf8");
const updatedManifest = manifest.replace(
  '"use_dynamic_url": true',
  '"use_dynamic_url": false'
);
fs.writeFileSync(manifestPath, updatedManifest, "utf8");
console.log("Updated manifest.json");

Inside package.json modify script:
"build": "tsc && vite build && node update-manifest.js",

[Zenoo]

Is there any way to also fix it using the dev script, not only on build ?