内容安全策略:无法在 Chrome 扩展程序中加载 Google API [英] Content Security Policy: cannot load Google API in Chrome extension
问题描述
这是一个相对的 Chrome 扩展程序.我正在尝试一个使用 Google Chart API 的简单方法
This is relative an Chrome extension. I am trying a simple one which uses the Google Chart API
我在我的 html 文档popup.html"中有这个代码,它是在点击图标时加载的.
I have this code in my html document "popup.html", which is loaded on the click on the Icon.
<!doctype html>
<html>
<head>
<script type="text/javascript" src="js/libs/jquery-1.8.0.min.js"></script>
<script type="text/javascript" src="js/popup.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi?key=xxxxxxxxxxx"></script>
[...]
</body>
</html>
我收到以下消息:
拒绝加载脚本http://www.google.com/jsapi?key=xxxxxxxxxxx",因为它违反了以下内容安全政策指令:script-src 'self' chrome-extension-resource:".
Refused to load the script 'http://www.google.com/jsapi?key=xxxxxxxxxxx' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
我知道这与权限有关,我尝试修改我的清单文件但没有成功:
I understood it is something relative to permissions, I tried to modify my Manifest file but without success:
{
[...]
"manifest_version": 2,
"permissions": ["http://*.google.com/"],
"content_security_policy": "script-src 'self' http://www.google.com; object-src 'self'",
}
有什么想法吗?
推荐答案
只需使用 https
协议即可.您遇到的错误与内容安全政策有关.
Just make it use the https
protocol instead. The error you're getting is regarding the Content Security Policy.
请参阅页面的放宽默认政策
部分.它提到您只能将HTTPS
、chrome-extension
和chrome-extension-resource
列入白名单.
See the Relaxing the default policy
section of the page. It mentions that you can only whitelist HTTPS
, chrome-extension
, and chrome-extension-resource
.
这篇关于内容安全策略:无法在 Chrome 扩展程序中加载 Google API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!