Chrome应用中的内容安全政策 [英] Content Security Policy in Chrome App
问题描述
我的Chrome应用具有以下清单:
{
name:,
版本:1.0.3,
manifest_version:2,
description:Chrome扩展名为。,
图标:{
16 :images / test.png,
19:images / test.png,
256:images / test.png
},
app:{
background:{
scripts:[
background.js
]
}
},
sandbox:{
js:[
lib / test-api.js
]
},
权限:[
< all_urls>,
notifications,
storage,
videoCapture
]
}
我有一个运行 eval
的脚本文件。已阅读有关 CSP 和沙盒,但我仍然得到是错误:
$ b
拒绝将字符串评估为JavaScript,因为'unsafe-eval'是
不是脚本允许的源代码以下Content Security
Policy指令:default-src'self'chrome-extension-resource:。
请注意'script-src'没有明确设置,所以'default-src'是
作为后备。
您是否尝试将CSP行添加到清单中,如 CSP 链接?
content_security_policy:script-src'self''unsafe-eval '; object-src'self'
My Chrome app has the following manifest:
{
"name": ",
"version": "1.0.3",
"manifest_version": 2,
"description": "Chrome Extension for.",
"icons": {
"16": "images/test.png",
"19": "images/test.png",
"256": "images/test.png"
},
"app": {
"background": {
"scripts": [
"background.js"
]
}
},
"sandbox": {
"js": [
"lib/test-api.js"
]
},
"permissions": [
"<all_urls>",
"notifications",
"storage",
"videoCapture"
]
}
I have a script file that runs eval
. I have read about CSP and sandboxing, but I still get this error:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Have you tried adding the CSP line to your manifest as per your CSP link?
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
这篇关于Chrome应用中的内容安全政策的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!