chrome 扩展中未加载脚本
Scripts not getting loaded in the chrome extension
我查了类似的postHow to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work。我得到的问题与 CSP 有关,但是不幸的是,我需要设置的策略是什么我没有得到。
我构建了一个 chrome 扩展,它使用 jsoneditor 并且该依赖性导致了这个问题。当 运行 扩展时,我得到以下异常
Refused to load the script 'data:application/javascript;base64,....' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
和
Uncaught DOMException: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'data:application/javascript;base64,......' failed to load.
at blob:chrome-extension://nlgocoglacibgkjnhaahkmepblhmelcp/765c13cb-44d4-480c-a6b1-29527766ae5e:1:1
在上面提到的 SO 问题中 urls like
https://cdn.firebase.com https://*.firebaseio.com; 包含在 content_security_policy.
中
在我的示例中,脚本不是从域外加载的。在这种情况下如何设置正确的content_security_policy?
问题的解决方法是在manifest.json文件中的content_security_policy中添加script-src-elem 'self' data: blob:;
我的如下所示,
"content_security_policy": "script-src 'self'; script-src-elem 'self' data: blob:; worker-src 'self' data: blob:; object-src 'self'"
我查了类似的postHow to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work。我得到的问题与 CSP 有关,但是不幸的是,我需要设置的策略是什么我没有得到。
我构建了一个 chrome 扩展,它使用 jsoneditor 并且该依赖性导致了这个问题。当 运行 扩展时,我得到以下异常
Refused to load the script 'data:application/javascript;base64,....' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
和
Uncaught DOMException: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'data:application/javascript;base64,......' failed to load. at blob:chrome-extension://nlgocoglacibgkjnhaahkmepblhmelcp/765c13cb-44d4-480c-a6b1-29527766ae5e:1:1
在上面提到的 SO 问题中 urls like
https://cdn.firebase.com https://*.firebaseio.com; 包含在 content_security_policy.
在我的示例中,脚本不是从域外加载的。在这种情况下如何设置正确的content_security_policy?
问题的解决方法是在manifest.json文件中的content_security_policy中添加script-src-elem 'self' data: blob:;
我的如下所示,
"content_security_policy": "script-src 'self'; script-src-elem 'self' data: blob:; worker-src 'self' data: blob:; object-src 'self'"