内容安全政策:无法在Chrome扩展程序中加载Google API [英] Content Security Policy: cannot load Google API in Chrome extension
问题描述
这与Chrome扩展程序相关。我正在尝试使用Google Chart API中的一个简单的API
This is relative an Chrome extension. I am trying a simple one which uses the Google Chart API
我在我的html文档popup.html中有这样的代码,它是在点击图标。
I have this code in my html document "popup.html", which is loaded on the click on the Icon.
<!doctype html>
<html>
<head>
<script type="text/javascript" src="js/libs/jquery-1.8.0.min.js"></script>
<script type="text/javascript" src="js/popup.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi?key=xxxxxxxxxxx"></script>
[...]
</body>
</html>
我收到以下消息:
I get the following message:
拒绝加载脚本'http://www.google.com/jsapi?key=xxxxxxxxxxx',因为它违反了以下内容安全策略指令:script-src'self'chrome-extension-资源:。
Refused to load the script 'http://www.google.com/jsapi?key=xxxxxxxxxxx' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
我知道它是相对于权限的,我试图修改我的Manifest文件但没有成功:
I understood it is something relative to permissions, I tried to modify my Manifest file but without success:
{
[...]
"manifest_version": 2,
"permissions": ["http://*.google.com/"],
"content_security_policy": "script-src 'self' http://www.google.com; object-src 'self'",
}
有什么想法?
Any idea?
推荐答案
只需使用 https
协议即可。您收到的错误与内容安全政策有关。
Just make it use the https
protocol instead. The error you're getting is regarding the Content Security Policy.
请参阅放宽页面的默认策略
部分。它提到您只能将 HTTPS
, chrome-extension
和 chrome-extension-资源
。
See the Relaxing the default policy
section of the page. It mentions that you can only whitelist HTTPS
, chrome-extension
, and chrome-extension-resource
.
这篇关于内容安全政策:无法在Chrome扩展程序中加载Google API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!