Chrome扩展程序和Jenkins URL [英] Chrome Extension and Jenkins URL's

问题描述

我目前正在尝试开发一个chrome扩展程序，该扩展程序应该显示来自不同Jenkins服务器的数据.用户正在输入jenkins服务器的网址.

I'm currently trying to develop a chrome extension which is supposed to display data from different Jenkins servers. The url to the jenkins server is being entered by the user.

所以基本上我需要能够访问任何种类的詹金斯网址.

So basically what I need is being able to access any kind of jenkins url.

我的问题是Chrome的内容安全政策 仅允许您访问已在manifest.json中注册的域，如下所示:

My problem is that Chrome's Content Security Policy only allows you to access domains which you've registered in the manifest.json like so:

"content_security_policy": "script-src 'self' http://localhost:8080/; object-src 'self'".

但是由于不同的用户将要输入不同的URL，因此我需要能够动态更改此策略，而且我真的不知道该怎么做.

But since different users are going to enter different urls, I'd need to be able to change this policy dynamically, and I don't really know how to do that.

推荐答案

您似乎对将请求发送到随机域所需的内容有误解.

You seem have a misconception as to what is needed to send a request to a random domain.

CSP指令script-src指示您可以在哪里通过<script src="https://some.domain/script.js">从执行代码.确实，这是您无法将其列入白名单的内容.

CSP directive script-src dictates where you can execute code from specifically by <script src="https://some.domain/script.js">. That, indeed, is something you can't whitelist.

要发送GET/POST跨站点请求，您需要主机权限，而不是CSP修改.

To send GET/POST cross-site requests, you need a host permission, not a CSP modification.

有2种可能的方法:

• 授予自己广泛的权限，例如"*://*/*"或"<all_urls>".这将使您以安装时警告可以读取和修改所有网站上的数据" 的代价来查询任何内容.

• 使用可选权限API .这样，您可以避免在安装扩展名时配置安装时警告并提示提升权限.如果不需要经常进行此配置，这将很有意义.

• Give yourself wide permissions, e.g. "*://*/*" or "<all_urls>". This will allow you to query anything at the cost of install-time warning "can read and modify data on all websites".

• Use the optional permissions API. That way, you can avoid the install-time warning and prompt for elevated permissions as the extension is configured. This would make sense if this configuration needs to be done infrequently.

特别注意:自2016年10月4日起，Firefox WebExtensions/Edge Extensions中未实现permissions API，因此，如果考虑到可移植性，则最好暂时避免用于新项目.

Extra note: as of 2016-10-04, permissions API is not implemented in Firefox WebExtensions / Edge Extensions, so if portability is a concern, it's best avoided for new projects for now.

这篇关于Chrome扩展程序和Jenkins URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！