It is a WebExtension ... and no I hadn't tried adjusting the manifest.json.
I did that and I still get the same error. I tried:
"content_security_policy": "script-src 'self'; object-src 'self'",
"content_security_policy": "default-src *; script-src *; object-src *",
"content_security_policy": "default-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src *; object-src *",
"content_security_policy": "default-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self'; object-src 'self'",