Description
Error Message
Refused to load the script 'https://c.daily.co/call-machine/versioned/0.70.0/static/call-machine-object-bundle.js' because it violates the following Content Security Policy directive
Additional Context
I am trying to embed a Daily.co audio/video/screenshare call within a Chrome Extension manifest version 3, using daily-js.
I am using custom call object approach instead of Prebuilt UI approach, because i need to be able to customize app UI / functionality / layout management.
I initially tried DailyIframe.createCallObject(), which failed with an error message that this call requires 'unsafe-eval' and that is disallowed by the Content Security Policy within the extension.
I then followed the instructions on this Guide by the Daily-js team:
https://docs.daily.co/guides/privacy-and-security/content-security-policy
The guide suggests avoiding unsafe-eval by creating the call object like this:
const call = Daily.createCallObject({
dailyConfig: {
avoidEval: true,
},
});
However this still requires adding a script-src directive to the Content Security Policy, with the URL 'https://*.daily.co'.
And it appears that providing any URL here other than 'self' is not allowed in Chrome Extensions manifest v3.
Attempting this produces the error message i have shared above.
How can I get daily-js to work within a chrome extension?
Is it possible, for example, to bundle all required resources (like 'call-machine-object-bundle.js') within the extension and avoid all dynamic loading completely?
Related Past Issues
#166
User @nalhusail asked a similar question back in 2021, but the issue was closed before a response or resolution was provided. I would imagine that three years later, either the Daily team or the community has discovered a workaround. Would love some help with this!
Activity