Cannot load DotLottieReact player inside a web extension due to WASM CSP policy

[maxwelljmckee]

Overview

I'm trying to add a lottie animation to my chrome web extension, but it fails because the CSP policy does not allow for the web assembly module to be loaded. This is the error output I'm seeing:

Primary WASM load failed from https://cdn.jsdelivr.net/npm/@lottiefiles/[email protected]/dist/dotlottie-player.wasm. Error: Aborted(CompileError: WebAssembly.instantiate(): Refused to compile or instantiate WebAssembly module because neither 'wasm-eval' nor 'unsafe-eval' is an allowed source of script in the following Content Security Policy directive: "script-src 'self'"). Build with -sASSERTIONS for more info.

However, when I add the recommended CSP specifications to my extension manifest, chrome will not allow it to be compiled due to insufficient security standards:

Failed to load extension
File
~/dev/browser_extension/dist/chrome
Error
'content_security_policy.extension_pages': Insecure CSP value "wasm-unsafe-eval" in directive 'script-src'.
Could not load manifest.

Is there a Lottie solution that doesn't use WebAssembly to load a player? Are there any workarounds for this use case?

[theashraf]

@maxwelljmckee You can have a look at this comment #337 (comment)