I am developing a Chrome extension that enables users to send selected text to a server, which then converts it into speech and returns an MP3 URL for playback.
However, on certain websites, I encounter a Content Security Policy error, preventing the loading and playback of the MP3 URL. The error message is as follows:
Refused to load media from 'https://storage.googleapis.com/***8d7fc.mp3' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.
Given this situation, how can I successfully play audio files stored on an external server that violate the Content Security Policy directive?
What I have tried:
I attempted to overwrite the meta tag, but the error remains unresolved. I presume this is because the header information takes precedence. Here is the meta tag I used:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src *; media-src *; font-src *; style-src *">
Any suggestions or solutions would be greatly appreciated.