Refused to execute inline event handler because it violates CSP. (SANDBOX)


Problem description

I'm developing a Google Chrome packaged app. When I put Sandbox in the manifest.json:

{
  "manifest_version": 2,
  "name": "WM32216",
  "version": "2.1",
  "minimum_chrome_version": "23",
  "permissions":["webview", "https://ajax.googleapis.com/*"],
  "sandbox":{
      "pages":["index.html"]
  },
  "app": {
    "background": {
      "scripts": ["main.js"]
    }
  }
}

An onclick event on my anchor tag works, and the flow of the app is complete EXCEPT THAT icons from a CSS stylesheet don't load.

I got an error from the console that

File not found,

but those are just fonts so it's fine with me,

The big problem is that the video in the iframe doesn't play, and I got additional errors prior to the font one, which are:

VIDEOJS: ERROR: (CODE:4 MEDIA_ERR_SRC_NOT_SUPPORTED) The media could not be loaded, either because the server or network failed or because the format is not supported.

Not allowed to load local resource: blob:null/b818b32c-b762-4bd9-...

When I remove the sandbox in the manifest.json file, everything is good, with no errors in the console about the font,

BUT when I hit/click my anchor tag that has a click event to load a new function in the JS, I'm getting the following console error:

Refused to execute inline event handler because it violates the following Content Security Policy directive: "default-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

Sorry for the very long detail,

I just need help with this because I've been stuck here for 3 days already.

Solution

Answer for your non-sandbox-related question:

You have something in your code like this:

<button onclick="myFunction()">Click me</button>

In a nutshell, this is not allowed in Chrome apps. Change this to the following and it will work:

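html:
<button id="myButton">Click me</button>
<!-- Loaded after the button so getElementById can find it -->
<script src="myScripts.js"></script>

myScripts.js:
// Attach the handler from an external file instead of an inline onclick attribute
document.getElementById("myButton").addEventListener("click", myFunction);

function myFunction() {
    console.log('asd');
}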

Long story:

In Chrome apps, Content Security Policy does not allow inline JavaScript. So you have to put your JavaScript in a .js file and include it in your HTML.

Further reading: https://developer.chrome.com/extensions/contentSecurityPolicy
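
To find every place in a page where the fix above still has to be applied, a small lint helps. This is an added example, not part of the original answer; it goes beyond the answer's single `onclick` case by also flagging inline `<script>` bodies and `javascript:` URLs, which a policy without 'unsafe-inline' refuses as well. The function name `findInlineScript` and the sample markup are constructed for illustration.

```javascript
// Added example, not from the original answer: report what a CSP without
// 'unsafe-inline' will refuse to run in a page. Regex-based lint for your own
// markup, not a full HTML parser (HTML comments are not skipped).
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
const TAG_RE = /<([a-z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+)/g;
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);
const lineOf = (text, idx) => text.slice(0, idx).split('\n').length;

function findInlineScript(html) {
  const findings = [];
  // Pass 1: <script> elements with a body and no src attribute. Bodies are
  // blanked (newlines kept) so their code is not parsed as markup in pass 2.
  const masked = html.replace(SCRIPT_RE, (m, attrs, body, off) => {
    const isData = /(?:^|\s)type\s*=\s*["']?[^"'\s>]*json/i.test(attrs);
    if (!/\bsrc\s*=/i.test(attrs) && body.trim() && !isData) {
      findings.push({ kind: 'inline-script', line: lineOf(html, off), detail: 'script' });
    }
    return '<script' + attrs + '>' + body.replace(/[^\n]/g, ' ') + '</script>';
  });
  // Pass 2: on* attributes and javascript: URLs on every remaining tag.
  for (const tag of masked.matchAll(TAG_RE)) {
    for (const [, rawName, rawValue] of tag[2].matchAll(ATTR_RE)) {
      const name = rawName.toLowerCase();
      const value = rawValue.replace(/^["']|["']$/g, '').trim();
      const line = lineOf(masked, tag.index);
      if (/^on[a-z]+$/.test(name)) {
        findings.push({ kind: 'inline-handler', line, detail: `${tag[1]} ${name}` });
      } else if (URL_ATTRS.has(name) && /^javascript:/i.test(value)) {
        findings.push({ kind: 'javascript-url', line, detail: `${tag[1]} ${name}` });
      }
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: the answer's "before" button plus two related cases.
const SAMPLE = [
  '<button onclick="myFunction()">Click me</button>',
  '<a href="javascript:loadNext()">Next</a>',
  '<button id="myButton">Click me</button>',
  '<script src="myScripts.js"></script>',
  '<script>document.title = "<b onclick=x>";</script>',
].join('\n');

console.log(findInlineScript(SAMPLE));
```

Each finding is something to move into an external .js file and wire up with addEventListener, as in the answer above.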
