Webview with "script-src vscode-resource:" fails to load

[akoliada]

Description

Webview with "script-src vscode-resource" Content Security Policy directive cannot be loaded properly as in URIs "vscode-resource:" is replaced with "/webview/".

Reproduction Steps

Sample plugin: https://marketplace.visualstudio.com/items?itemName=janisdd.vscode-edit-csv

• Execute 'CSV: Edit as CSV' command having a CSV document opened.

OS and Theia version:
RHEL 7.6, latest

Diagnostics:
The error from the browser console: Refused to load the script 'https://<MY_HOSTNAME>/webview/tmp/vscode-unpacked/janisdd.vscode-edit-csv-0.1.4.vsix/extension/thirdParty/papaparse.min.js' because it violates the following Content Security Policy directive: "script-src vscode-resource: 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Note: Script URL can be opened in browser - the location is correct.