我正在尝试从Chrome打包应用程序发送请求:
$.ajax({
url: "https://accounts.google.com/o/oauth2/auth?client_id=xxxapps.googleusercontent.com&response_type=id_token&scope=openid%20email", //"https://www.googleapis.com/plus/v1/people/me",
jsonp: "responseText",
dataType: "jsonp",
data: {
q: "select *",
format: "json"
},
success: function( response ) {
console.log( response );
}
});
并收到以下错误:
Refused to load the script
'https://accounts.google.com/o/oauth2/auth?client_id=xxx&q=select+*&format=json&_=xxx'
because it violates the following Content Security Policy directive:
"default-src 'self' chrome-extension-resource:". Note that
'script-src' was not explicitly set, so 'default-src' is used as a fallback.
该应用的清单文件包含以下内容:
"content_security_policy": "script-src 'self' https://accounts.google.com; object-src 'self'"
如何解决此错误?
答案 0 :(得分:2)
您看到的错误消息就是答案。第一个是说你违反了CSP。第二个是说你无法在Chrome应用中更改CSP。
详细了解Content Security Policy in a Chrome App和完整性another discussion in the context of Chrome Extensions。你有问题的答案,但你可能想问一个新问题,解释你想要做什么(而不是你看到这些错误信息的原因)。如果您的总体目标是在Chrome应用中运行外部(即已下载)内容,则根据Chrome网上应用店的开发人员服务条款执行此操作的唯一方法是将代码和消息与您的普通特权代码进行沙盒化处理
答案 1 :(得分:0)
我想通过添加清单来解决它: “权限”:[“https://accounts.google.com/”]