Google Chrome
Elvis, 2022-04-01 20:03:41

Content-Security-Policy and manifest v3?

Hey!
I can not deal with the 3rd version of the manifest in any way.
It seems like version 3 now prohibits injecting scripts into the page, but I have 90% of the plugin built on this to ennoble the site with new features.
On manifest version 2 everything works, but changing it to 3 gives the following error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-xh//iOp5YsjV4AHCfTPhZ7ybsMYdmYyvqiTjVw3FmHY='), or a nonce ('nonce-...') is required to enable inline execution.

I started looking into what kind of error this is, but everywhere there are examples for version 2 of the manifest, with options:
Content-Security-Policy: script-src 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa'
Content-Security-Policy: script-src 'sha256-xh//iOp5YsjV4AHCfTPhZ7ybsMYdmYyvqiTjVw3FmHY='

In version 3 of the manifest, you need to declare it differently:
"content_security_policy": {
  "extension_pages": "...",
  "sandbox": "..."
}

But wherever I look, they write like "just change it to this form", but I can't find where. I tried it in different ways - everything is in vain, either the plugin swears at the wrong manifest when loading, or the error, which is higher, simply remains.
I swear at the place where I create the script tag, shove my functions there and inject into html:
let PageScriptSpace = document.createElement('script');
InjectFunction = function(PageScriptSpace, func) {
   PageScriptSpace.innerHTML += func + ';';
}
InjectFunction(PageScriptSpace,  foo);
InjectFunction(PageScriptSpace,  bar);
h = document.querySelector('head');
h.appendChild(PageScriptSpace);

Please share examples.


1 answer(s)
Rst0, 2022-04-01
@Dr_Elvis

example:
if I inject to a youtube page,
then I write to the manifest

"web_accessible_resources": [
      {
         "resources": [ "inner.js", "test.css" ],
         "matches": [ "https://www.youtube.com/*", "https://m.youtube.com/*" ],
         "extension_ids": []
      }
   ],

   "host_permissions": [
         "https://www.youtube.com/*"
   ],
and it works

const injectJS = document.createElement('script');
injectJS.type = 'text/javascript';
injectJS.src = chrome.runtime.getURL("inner.js");
document.body.appendChild(injectJS);
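
A static check for the migration problems discussed in this thread, as an added example that is not part of the original posts: it flags an MV2-style `content_security_policy` string, an `'unsafe-*'` keyword in the `extension_pages` `script-src`, and injected files that `web_accessible_resources` does not expose to the target page. The names `checkManifest`, `patternCoversUrl` and `sampleManifest` are hypothetical, and match patterns are compared by scheme and host only, which is a simplification.

```javascript
// Added example, not from the thread. `injected` = files the content script loads
// via chrome.runtime.getURL(); `pageUrl` = a page it runs on (scheme/host compared).
function patternCoversUrl(pattern, pageUrl) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)\//.exec(pattern);
  if (!m) return false;
  const url = new URL(pageUrl);
  const scheme = url.protocol.slice(0, -1);
  if (!/^https?$/.test(scheme) || (m[1] !== '*' && m[1] !== scheme)) return false;
  if (m[2] === '*') return true;
  if (!m[2].startsWith('*.')) return url.hostname === m[2];
  const base = m[2].slice(2);
  return url.hostname === base || url.hostname.endsWith('.' + base);
}

function checkManifest(manifest, injected, pageUrl) {
  const problems = [];
  if (manifest.manifest_version !== 3) problems.push('manifest_version is not 3');
  const csp = manifest.content_security_policy;
  if (typeof csp === 'string') {
    problems.push('content_security_policy is a string (MV2 form), MV3 expects an object');
  } else if (csp && /(^|;)\s*script-src\s[^;]*'unsafe-(inline|eval)'/.test(csp.extension_pages || '')) {
    problems.push("extension_pages script-src contains an 'unsafe-*' keyword, which MV3 rejects");
  }
  const war = manifest.web_accessible_resources || [];
  if (war.some((e) => typeof e === 'string')) problems.push('web_accessible_resources lists plain strings (MV2 form)');
  const entries = war.filter((e) => e && typeof e === 'object');
  for (const file of injected) {
    const exposing = entries.filter((e) => (e.resources || []).includes(file));
    const covered = exposing.some((e) => (e.matches || []).some((p) => patternCoversUrl(p, pageUrl)));
    if (exposing.length === 0) problems.push(`${file} is not in web_accessible_resources`);
    else if (!covered) problems.push(`${file} is not exposed to ${pageUrl}`);
  }
  for (const p of entries.flatMap((e) => e.matches || [])) {
    if (p === '<all_urls>' || /^[^:]+:\/\/\*\//.test(p)) {
      problems.push(`matches pattern ${p} exposes the resources to every site`);
    }
  }
  return problems;
}

// Constructed sample: the manifest fragment from the answer above.
const sampleManifest = {
  manifest_version: 3,
  web_accessible_resources: [{ resources: ['inner.js', 'test.css'],
    matches: ['https://www.youtube.com/*', 'https://m.youtube.com/*'] }],
};
console.log(checkManifest(sampleManifest, ['inner.js'], 'https://m.youtube.com/watch'));
```

Keeping `matches` as narrow as in the answer limits which sites can load, and so detect, the extension's files.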
