将Google API Javascript客户端库加载到Chrome扩展程序中 [英] Loading Google API Javascript Client Library into Chrome Extension
问题描述
我一直试图用chrome扩展插入google api javascript客户端库一段时间,但是看起来chrome扩展有一个可怕的情况。指向该脚本的链接是
https ://apis.google.com/js/client.js
下载文件很麻烦,因为脚本实际上加载了其他脚本。我试过把它包含在清单中
manifest.json(摘录)
background:{
scripts:[
background.js,
https://apis.google.com/ js / client.js?onload = callbackFunction
},
但是然后扩展不加载。我也尝试将脚本注入到背景HTML中。
background.js(摘录)
var body = document.getElementsByTagName('body')[0];
var script = document.createElement('script');
script.type ='text / javascript';
script.src =https://apis.google.com/js/client.js?onload=callbackFunction;
body.appendChild(script);
但是chrome调试器给了我
拒绝加载脚本'https://apis.google.com/js/client.js',因为它违反了以下内容安全策略指令:script-src'self'chrome-extension-resource :。
任何想法,还是他们命运分开?
<编辑:请注意,如果您想使用回调函数,则必须将?onload = myCallbackFunction添加到脚本url。谢谢Ilya。更多信息此处 $ b $到目前为止,我发现的唯一解决方案是首先将脚本注入后台html页面,就像我做的那样:
background.js(摘录)
var head = document.getElementsByTagName ( '头')[0];
var script = document.createElement('script');
script.type ='text / javascript';
script.src =https://apis.google.com/js/client.js?onload=callbackFunction;
head.appendChild(script);
然后绕过安全警告,编辑清单文件(来源):
manifest.json(摘录)
content_security_policy:script -src'self'https://apis.google.com; object-src'self'
然而,请注意,绕过安全性只适用于 https 链接,而且我也觉得它有点不好意思......任何其他解决方案都是值得欢迎的。
I've been trying to wed the google api javascript client library with a chrome extension for a while now, but it seems the chrome extension has a terrible case of cold feet. The link to the script is
https://apis.google.com/js/client.js
Downloading the files is messy because the script actually loads other scripts. I've tried including it in the manifest
manifest.json (excerpt)
"background": {
"scripts": [
"background.js",
"https://apis.google.com/js/client.js?onload=callbackFunction"
]
},
but then the extension doesn't load. I've also tried injecting the script into the background html
background.js (excerpt)
var body = document.getElementsByTagName('body')[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "https://apis.google.com/js/client.js?onload=callbackFunction";
body.appendChild(script);
but the chrome debugger gives me
Refused to load the script 'https://apis.google.com/js/client.js' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
Any ideas, or are they fated to be kept apart?
Edit: note that you must add "?onload=myCallbackFunction" to the script url if you want to utilize a callback function. Thanks Ilya. More info here
So far the only solution I've found is to first inject the script into the background html page like I did:
background.js (excerpt)
var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "https://apis.google.com/js/client.js?onload=callbackFunction";
head.appendChild(script);
And then to bypass the security warning, edit the manifest file (source):
manifest.json (excerpt)
"content_security_policy": "script-src 'self' https://apis.google.com; object-src 'self'"
However, note that bypassing the security only works for https links, and I also find it kind of hacky...any other solutions are welcome
这篇关于将Google API Javascript客户端库加载到Chrome扩展程序中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
