无法使 GWT 应用程序作为 Chrome 打包应用程序工作,可能是由于 CSP [英] Can not make GWT application work as Chrome packaged app, probably due to CSP
问题描述
不断收到 CSP 错误:拒绝执行内联脚本,因为它违反了以下内容安全策略指令:script-src 'self'"
Keep getting CSP errors: "Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"
问题可能是由于 GWT 生成的 HTML 文件包含内联 JS.
The problem is probably due to HTML files generated by GWT which contain inline JS.
UPD:更改为清单版本 1 有所帮助,但这是临时解决方法,因为 Chrome 21 抱怨不再支持它.
UPD: Changing to manifest version 1 helped, but this is a temporary workaroud, as Chrome 21 complains that it will no longer be supported.
UPD2: <add-linker name="xsiframe"/> 也没有帮助
推荐答案
GWT 2.5.1 终于解决了这个问题.记录此内容的发行说明位于此处:
GWT 2.5.1 has finally fixed this problem. The release notes documenting this are here:
https://developers.google.com/web-toolkit/release-notes#Release_Notes_2_5_1
他们声明:
使用 DirectInstallLinker 构建的应用程序应该在禁止内联脚本的页面(例如 Chrome 扩展程序)中工作"
"Apps built with DirectInstallLinker should work in a page where inline scripts are forbidden (e.g. a Chrome extension)"
这意味着现在可以使用 DirectInstallLinker 以一种满足清单版本 2 关于内联脚本的新安全要求的方式链接您的 Chrome 打包应用程序.也就是说,通过使用 DirectInstallLinker 将您的应用程序与选择为 GWT 版本的 GWT 2.5.1 链接起来,GWT 不会在其生成的 Javascript 中放置任何内联脚本元素,因此新的清单版本 2 要求没有内联脚本将不会被侵犯.
This means that it is now possible to use DirectInstallLinker to link your Chrome packaged app in a manner that satisfies the new security requirements of manifest version 2 regarding inline scripts. That is, by using DirectInstallLinker to link your app with GWT 2.5.1 selected as your GWT version, GWT will not place any script elements inline in its generated Javascript, and thus the new manifest version 2 requirement that there be no inline scripts will not be violated.
我发现 SingleScriptLinker 似乎也适用于我自己的应用程序;但是,问题 7685 警告不要使用 SingleScriptLinker,因为这会生成一个 $doc.write 行,这在打包的应用程序中是被禁止的."我自己正在使用 DirectInstallLinker.
I have found that SingleScriptLinker also seems to work for my own app; however, Issue 7685 warns against using the SingleScriptLinker because "This generates a $doc.write line which is forbidden in packaged apps." I am using DirectInstallLinker myself.
这是 DirectInstallLinker 的 Javadoc:
Here is the Javadoc for DirectInstallLinker:
要使用此链接器,您可以在 *.gwt.xml 文件中包含以下内容:
To use this linker, you can include the following in your *.gwt.xml file:
<define-linker name="dil" class="com.google.gwt.core.linker.DirectInstallLinker"/>
<add-linker name="dil" />
(dil 可以替换为您选择的任何内容,只要没有破折号或其他非法字符即可).
(dil can be replaced by anything you choose, so long as there are no dashes or other illegal characters).
您需要选择 GWT 2.5.1 作为您的 GWT 版本.如果您在过时版本的 Eclipse 中使用旧版本的 GWT,例如 Ganymede(就像我以前那样),您必须至少升级到 Helios,然后将您的项目导入到新的 Eclipse 环境中.可用于最新三个 Eclipse 版本的 Google Plugin for Eclipse 存档 URL 可在此处找到:
You will need to select GWT 2.5.1 as your version of GWT. If you're using an older version of GWT in an out-of-date version of Eclipse such as Ganymede (as I was), you'll have to upgrade to at least Helios and then import your project to your new Eclipse environment. The archive URLs for the Google Plugin for Eclipse that can be used for the latest three Eclipse versions can be found here:
https://developers.google.com/eclipse/docs/download
有了上面的地方,你应该可以设置
With the above in place, you should be able to set
"manifest_version": 2
在您的 manifest.json 文件中,并且不会因为 GWT 生成的内联 Javascript 而遇到任何错误.这应该能让 Chrome 网上应用店接受您的 Chrome 网络应用程序(现在,任何新应用程序或现有应用程序的更新都需要清单版本 2),只要没有其他问题.
in your manifest.json file and not experience any errors due to GWT-generated inline Javascript. This should allow your Chrome Web app to be acceptable to the Chrome Web Store (which now requires manifest version 2 for any new apps or for updates to present apps), so long as there are no other issues.
这篇关于无法使 GWT 应用程序作为 Chrome 打包应用程序工作,可能是由于 CSP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
