Chrome 扩展“拒绝加载脚本，因为它违反了以下内容安全策略指令" [英] Chrome Extension "Refused to load the script because it violates the following Content Security Policy directive"

问题描述

我正在尝试创建 Chrome 扩展程序，但我的 JS 都不起作用.控制台显示此错误:

<块引用>

拒绝加载脚本'https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js'因为它违反了以下内容安全策略指令:script-src 'self' blob:文件系统:chrome-extension-resource:".

为什么它会阻止我的 jQuery 运行?

解决方案

如 Chome 网站上所述

一>,有一个内容安全策略阻止您的脚本加载远程脚本:

<块引用>

允许通过 HTTPS 从 example.com 加载脚本资源的宽松策略定义可能如下所示:

"content_security_policy": "script-src 'self' https://example.com; object-src 'self'"

所以在你的情况下，manifest.json 应该包含:

<代码> {"name": "我的分机",清单版本":2，背景":{脚本":[...]},"content_security_policy": "script-src 'self' https://example.com; object-src 'self'",}

I'm trying to create a Chrome extension, but none of my JS works. The console shows this error:

Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:".

Why is it blocking my jQuery from running?

解决方案

As explained on the Chome website, there is a Content Security Policy preventing your script to load remote script:

A relaxed policy definition which allows script resources to be loaded from example.com over HTTPS might look like:

"content_security_policy": "script-src 'self' https://example.com; object-src 'self'"

So in your case, the manifest.json should contain:

 {
  "name": "My Extension",
  "manifest_version": 2,
  "background":{
     "scripts": [...]
  },
  "content_security_policy": "script-src 'self' https://example.com; object-src 'self'",
 }

这篇关于Chrome 扩展“拒绝加载脚本，因为它违反了以下内容安全策略指令"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！