CSP Violation in Browser Extensions - Segment tries to load Amplitude external scripts

[laugri]

When using @segment/analytics-next in my browser extension, with Amplitude as a destination, the library attempts to load an external script from cdn.segment.com, which violates the Content Security Policy (CSP) restrictions that browser extensions must follow. I get the following errors

Refused to load the script 'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/3b0a288ecd08e5d54cea.js' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:* chrome-extension://9bbf6c71-ecde-4d95-a751-f6c2b50f2780/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

analytics.ts:4 Failed to create PluginFactory {name: 'Actions Amplitude', creationName: 'Actions Amplitude', libraryName: 'amplitude-pluginsDestination', url: 'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/3b0a288ecd08e5d54cea.js', settings: {…}}

I disabled the integration in order to get rid of the error :

const segment = AnalyticsBrowser.load(
  {
    writeKey: "",
  },
   {
     // Disable external integrations to prevent CSP violations
     integrations: {
      "Actions Amplitude": false,
    },
  },
);

But obviously this isn't great, since it means I can't use Amplitude.

Is there a way to bundle the Amplitude plugin myself and provide it to Segment ? I didn't find anything in the documentation. Thanks !