由于内容安全策略,google maps api脚本确实会加载 [英] google maps api script does load due to content security policy

查看:88
本文介绍了由于内容安全策略,google maps api脚本确实会加载的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在制作Google Chrome扩展程序,以便使用Google地图。问题是,当我运行我的脚本,然后它给了我这个错误

 拒绝从'https://地图加载脚本.googleapis.com / maps / api / js?key = XXXXXXXXXXXXXXXX& sensor = false',因为Content-Security-Policy。 

这是我的清单文件



<$ p $
name:Name,
version:1.0,
manifest_version:2,
background :{
scripts:[
js / script.js

},
description:Desc,
browser_action:{
default_icon:images / icon.png,
default_title:标题,
default_popup:html / popup.html
},
权限:[
http:// * /,
http://*.google.com/,
http:/ / localhost / *

content_security_policy:script-src'self'http://google.com; object-src'self'



}



我正在添加像这样的脚本

 < script src =../ js / libs / jquery.js>< / script> 
< script type =text / javascriptsrc =https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXX&sensor=false>< / script>
< script src =../ js / plugins / easing.js>< / script>
< script src =../ js / script.js>< / script>

为什么我一次又一次地得到那个错误?请帮助...

更新一个



清单文件,但仍然无法正常工作

 https://maps.google.com/*,
https ://maps.googleapis.com/*,

更新两个

我也使用过这种content_security_policy

 content_security_policy: default-src'none'; style-src'self'; script-src'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com

但上面并不适用于我

解决方案

我认为问题在于您没有正确设置Google地图网址的内容安全政策。您应该将清单文件中的content_security_policy更改为如下所示:

 content_security_policy:script-src'self' https://maps.googleapis.com https://maps.gstatic.com; object-src'self'

这仅仅意味着您允许从self / current页面和https://maps.googleapis.com运行脚本。



<试试这个,看看它是否有帮助。


I am making a google chrome extension where I want to use google maps. The problem is that when I run my script then it gives me this error

Refused to load script from 'https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXXXX&sensor=false' because of Content-Security-Policy.

Here is my manifest file

{
  "name": "Name",
  "version": "1.0",
  "manifest_version": 2,
  "background": { 
    "scripts": [
      "js/script.js"
    ] 
  },
  "description": "Desc",
  "browser_action": {
    "default_icon": "images/icon.png",
    "default_title": "Title",
    "default_popup": "html/popup.html"
  },
  "permissions": [ 
    "http://*/",
    "http://*.google.com/",
    "http://localhost/*"
  ],
  "content_security_policy": "script-src 'self' http://google.com; object-src 'self'"

}

And I am adding my scripts like this

<script src="../js/libs/jquery.js"></script>
  <script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXX&sensor=false"></script>
  <script src="../js/plugins/easing.js"></script>
  <script src="../js/script.js"></script>

Why am I getting that error again and again? Please help...

Update one

I added these two permissions to manifest file but still not working

"https://maps.google.com/*",
"https://maps.googleapis.com/*",

Update two

I also used this sort of content_security_policy

"content_security_policy": "default-src 'none'; style-src 'self'; script-src 'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com"

But above doesnt work for me either

解决方案

I think the problem here is that you have not correctly set the content security policy for Google Maps URL. You should change your "content_security_policy" in manifest file to something like this:

"content_security_policy": "script-src 'self' https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'"

This simply means that you are allowing to run script from the self/current page, and from the "https://maps.googleapis.com".

Try this, and see if it helps.

这篇关于由于内容安全策略,google maps api脚本确实会加载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆