UserVoice Widget causing errors due to CSP

[neocotic]

Getting the following error in the console when loading the options page:

Refused to load the script 'https://by.uservoice.com/t/i/session.js?o=%2B01%3A00' because it violates the following Content Security Policy directive: "script-src 'self' https://ssl.google-analytics.com https://widget.uservoice.com".

I'm pretty sure changing the CSP in the manifest to the following should do the trick:

"script-src 'self' https://ssl.google-analytics.com https://*.uservoice.com; object-src 'self'"

This will need testing. It's not urgent as it's not currently affecting other functionality on the page (yet).

[neocotic]

Also, it seems that UserVoice has changed their widget system. This will require some additional changes and should be done soon so we don't lose feedback support. Even though they are currently still supporting their old system, it's unlikely they will forever.

[neocotic]

This issue has been fixed by #149 and will now be closed.

[neocotic]

It appears this has not been fully resolved. For some reason, it works sometimes but not others. I'm hoping that adding 'unsafe-eval' to the CSP will fix this. Example of the error being seen;

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://ssl.google-analytics.com https://*.uservoice.com".

[neocotic]

CSP issue has now been fixed by PR #152.