如何在扩展弹出窗口中加载外部JavaScript [英] How to load an external JavaScript inside an extension popup

问题描述

我试图构建一个页面动作扩展，并且需要从弹出窗口中加载一个外部JavaScript库（它需要来自外部域，以便发送正确的cookie）。

然而，我得到这个错误信息：

lockquote

拒绝从
加载脚本http：// api.flattr.com/js/0.6/load.js?mode=auto'，因为
Content-Security-Policy。

有没有办法解决这个问题？

解决方案

由于安全原因，不再允许通过纯HTTP使用脚本。请参阅此问题。

从链接页面：

是的，我们不再允许扩展中的不安全脚本。如果您
通过HTTP加载脚本，活动网络攻击者可以将脚本
插入到您的扩展中，这是一个安全漏洞。

建议的解决方案是尽可能通过HTTPS链接脚本。另一个是将脚本包含在插件中。

I'm trying to build a page action extension and need to load an external JavaScript library from the popup (it needs to come from the external domain so that the correct cookies are sent).

However I get this error message:

Refused to load script from 'http://api.flattr.com/js/0.6/load.js?mode=auto' because of Content-Security-Policy.

Is there any way around this?

解决方案

Using scripts via plain HTTP is no longer allowed for security reasons. See this issue.

From linked page:

Yeah, we're no longer allowing insecure scripts in extensions. If you load a script over HTTP, an active network attacker can inject script into your extension, which is a security vulnerability.

One suggested solution is to link the scripts via HTTPS where possible. Another one is to include the script with the plugin itself.

这篇关于如何在扩展弹出窗口中加载外部JavaScript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！