内容安全策略:无法在 Chrome 扩展程序中加载 Google API [英] Content Security Policy: cannot load Google API in Chrome extension

问题描述

这是一个相对的 Chrome 扩展程序.我正在尝试一个使用 Google Chart API 的简单方法

This is relative an Chrome extension. I am trying a simple one which uses the Google Chart API

我在我的 html 文档popup.html"中有这个代码，它是在点击图标时加载的.

I have this code in my html document "popup.html", which is loaded on the click on the Icon.

<!doctype html>
<html>
<head>
  <script type="text/javascript" src="js/libs/jquery-1.8.0.min.js"></script>
  <script type="text/javascript" src="js/popup.js"></script>
  <script type="text/javascript" src="http://www.google.com/jsapi?key=xxxxxxxxxxx"></script>

  [...]
</body>
</html>

我收到以下消息:

拒绝加载脚本http://www.google.com/jsapi?key=xxxxxxxxxxx"，因为它违反了以下内容安全政策指令:script-src 'self' chrome-extension-resource:".

Refused to load the script 'http://www.google.com/jsapi?key=xxxxxxxxxxx' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

我知道这与权限有关，我尝试修改我的清单文件但没有成功:

I understood it is something relative to permissions, I tried to modify my Manifest file but without success:

{
  [...]
  "manifest_version": 2,
  "permissions": ["http://*.google.com/"],
  "content_security_policy": "script-src 'self' http://www.google.com; object-src 'self'",
}

有什么想法吗?

推荐答案

只需使用 https 协议即可.您遇到的错误与内容安全政策有关.

Just make it use the https protocol instead. The error you're getting is regarding the Content Security Policy.

请参阅页面的放宽默认政策部分.它提到您只能将HTTPS、chrome-extension 和chrome-extension-resource 列入白名单.

See the Relaxing the default policy section of the page. It mentions that you can only whitelist HTTPS, chrome-extension, and chrome-extension-resource.

这篇关于内容安全策略:无法在 Chrome 扩展程序中加载 Google API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！