内容安全政策：无法在Chrome扩展程序中加载Google API [英] Content Security Policy: cannot load Google API in Chrome extension

问题描述

这与Chrome扩展程序相关。我正在尝试使用Google Chart API中的一个简单的API

This is relative an Chrome extension. I am trying a simple one which uses the Google Chart API

我在我的html文档popup.html中有这样的代码，它是在点击图标。

I have this code in my html document "popup.html", which is loaded on the click on the Icon.

<!doctype html>
<html>
<head>
  <script type="text/javascript" src="js/libs/jquery-1.8.0.min.js"></script>
  <script type="text/javascript" src="js/popup.js"></script>
  <script type="text/javascript" src="http://www.google.com/jsapi?key=xxxxxxxxxxx"></script>

  [...]
</body>
</html>

我收到以下消息：

I get the following message:

拒绝加载脚本'http://www.google.com/jsapi?key=xxxxxxxxxxx'，因为它违反了以下内容安全策略指令：script-src'self'chrome-extension-资源：。

Refused to load the script 'http://www.google.com/jsapi?key=xxxxxxxxxxx' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

我知道它是相对于权限的，我试图修改我的Manifest文件但没有成功：

I understood it is something relative to permissions, I tried to modify my Manifest file but without success:

{
  [...]
  "manifest_version": 2,
  "permissions": ["http://*.google.com/"],
  "content_security_policy": "script-src 'self' http://www.google.com; object-src 'self'",
}

有什么想法？

Any idea?

推荐答案

只需使用 https 协议即可。您收到的错误与内容安全政策有关。

Just make it use the https protocol instead. The error you're getting is regarding the Content Security Policy.

请参阅放宽页面的默认策略部分。它提到您只能将 HTTPS ， chrome-extension 和 chrome-extension-资源。

See the Relaxing the default policy section of the page. It mentions that you can only whitelist HTTPS, chrome-extension, and chrome-extension-resource.

这篇关于内容安全政策：无法在Chrome扩展程序中加载Google API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！