由于内容安全策略,google maps api脚本确实会加载 [英] google maps api script does load due to content security policy
问题描述
我正在制作Google Chrome扩展程序,以便使用Google地图。问题是,当我运行我的脚本,然后它给了我这个错误
拒绝从'https://地图加载脚本.googleapis.com / maps / api / js?key = XXXXXXXXXXXXXXXX& sensor = false',因为Content-Security-Policy。
这是我的清单文件
<$ p $
name:Name,
version:1.0,
manifest_version:2,
background :{
scripts:[
js / script.js
},
description:Desc,
browser_action:{
default_icon:images / icon.png,
default_title:标题,
default_popup:html / popup.html
},
权限:[
http:// * /,
http://*.google.com/,
http:/ / localhost / *
,
content_security_policy:script-src'self'http://google.com; object-src'self'
}
我正在添加像这样的脚本
< script src =../ js / libs / jquery.js>< / script>
< script type =text / javascriptsrc =https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXX&sensor=false>< / script>
< script src =../ js / plugins / easing.js>< / script>
< script src =../ js / script.js>< / script>
为什么我一次又一次地得到那个错误?请帮助...
更新一个
清单文件,但仍然无法正常工作
https://maps.google.com/*,
https ://maps.googleapis.com/*,
更新两个
我也使用过这种content_security_policy
content_security_policy: default-src'none'; style-src'self'; script-src'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com
但上面并不适用于我
我认为问题在于您没有正确设置Google地图网址的内容安全政策。您应该将清单文件中的content_security_policy更改为如下所示:
content_security_policy:script-src'self' https://maps.googleapis.com https://maps.gstatic.com; object-src'self'
这仅仅意味着您允许从self / current页面和https://maps.googleapis.com运行脚本。
<试试这个,看看它是否有帮助。
I am making a google chrome extension where I want to use google maps. The problem is that when I run my script then it gives me this error
Refused to load script from 'https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXXXX&sensor=false' because of Content-Security-Policy.
Here is my manifest file
{
"name": "Name",
"version": "1.0",
"manifest_version": 2,
"background": {
"scripts": [
"js/script.js"
]
},
"description": "Desc",
"browser_action": {
"default_icon": "images/icon.png",
"default_title": "Title",
"default_popup": "html/popup.html"
},
"permissions": [
"http://*/",
"http://*.google.com/",
"http://localhost/*"
],
"content_security_policy": "script-src 'self' http://google.com; object-src 'self'"
}
And I am adding my scripts like this
<script src="../js/libs/jquery.js"></script>
<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXX&sensor=false"></script>
<script src="../js/plugins/easing.js"></script>
<script src="../js/script.js"></script>
Why am I getting that error again and again? Please help...
Update one
I added these two permissions to manifest file but still not working
"https://maps.google.com/*",
"https://maps.googleapis.com/*",
Update two
I also used this sort of content_security_policy
"content_security_policy": "default-src 'none'; style-src 'self'; script-src 'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com"
But above doesnt work for me either
I think the problem here is that you have not correctly set the content security policy for Google Maps URL. You should change your "content_security_policy" in manifest file to something like this:
"content_security_policy": "script-src 'self' https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'"
This simply means that you are allowing to run script from the self/current page, and from the "https://maps.googleapis.com".
Try this, and see if it helps.
这篇关于由于内容安全策略,google maps api脚本确实会加载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!