When including something like http: or https: in the connect-src and img-src directives of the contentsecuritypolicy of webextensions, they are simply ignored.
Other matches like https://*.example.com/ work as expected.
Other matches like https://*.example.com/ work as expected.