So a really nasty fingerprint...
See https://github.com/easylist/easylist/issues/6921
This is doable by any other given site too. I realize this is more a firefox issue, but I wonder if there's a way around this.
More or less an FYI as I'm not sure it can be helped.
This is how CSP works so I don't see what we can do here. The only workaround is to remove the CSP header via browser.webRequest API (we can do it but it's really outside of the scope of the extension) or the users can disable something in about:config about reporting themselves like maybe set security.csp.reporting.script-sample.max-length to 1 or 0. Anyway, those who are concerned with the potential for fingerprinting should be already blocking all kinds of reporting in their browsers.
Use uBlock Origin. ~_Why aren't you using it yet?_~
https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#block-csp-reports
I am using uBlock Origin, and I have no-csp-reports set in the settings...this still happens unless I block it explicitly. Go try it.
Ok so now it's working properly...weird. Please close.
Most helpful comment
Use uBlock Origin. ~_Why aren't you using it yet?_~
https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#block-csp-reports