Question

我正在尝试使用我的Chrome扩展程序中的Facebook登录示例代码弹出一个标签。到目前为止，我在这个例子中使用了直接的教程代码。

该选项卡打开正常，但是，由于跨站点安全策略问题，facebook的javascript无法加载，我也收到内联脚本错误 - 这看起来很奇怪（除非动态添加的元素有内联脚本，触发错误信息？）

我在哪里可以学习如何正确地做这种事情？

错误：

Refused to load script from 'https://connect.facebook.net/en_US/all.js' because of Content-Security-Policy.
Refused to execute inline script because of Content-Security-Policy.

background.js：

chrome.tabs.create({url: 'popup.html'})

popup.html：//来自facebook api文档的示例登录代码

  <head>
    <title>Facebook Client-side Authentication Example</title>
    <script type="text/javascript" src="popup.js"></script>
  </head>
  <body>
    <div id="fb-root"></div>
    <script>

    </script>

    <h1>Facebook Client-side Authentication Example</h1>
      <div id="auth-status">
        <div id="auth-loggedout">
          <a href="#" id="auth-loginlink">Login</a>
        </div>
        <div id="auth-loggedin" style="display:none">
          Hi, <span id="auth-displayname"></span>  
        (<a href="#" id="auth-logoutlink">logout</a>)
      </div>
    </div>

  </body>
</html>

popup.js：//来自facebook dev的示例代码

// Load the SDK Asynchronously
(function (d) {
    var js, id = 'facebook-jssdk',
        ref = d.getElementsByTagName('script')[0];
    if (d.getElementById(id)) {
        return;
    }
    js = d.createElement('script');
    js.id = id;
    js.async = true;
    js.src = "https://connect.facebook.net/en_US/all.js";
    ref.parentNode.insertBefore(js, ref);
}(document));

// Init the SDK upon load
window.fbAsyncInit = function () {
    FB.init({
        appId: '', // App ID
        channelUrl: '//' + window.location.hostname + '/channel', // Path to your Channel File
        status: true, // check login status
        cookie: true, // enable cookies to allow the server to access the session
        xfbml: true // parse XFBML
    });

    // listen for and handle auth.statusChange events
    FB.Event.subscribe('auth.statusChange', function (response) {
        if (response.authResponse) {
            // user has auth'd your app and is logged into Facebook
            FB.api('/me', function (me) {
                if (me.name) {
                    document.getElementById('auth-displayname').innerHTML = me.name;
                }
            })
            document.getElementById('auth-loggedout').style.display = 'none';
            document.getElementById('auth-loggedin').style.display = 'block';
        } else {
            // user has not auth'd your app, or is not logged into Facebook
            document.getElementById('auth-loggedout').style.display = 'block';
            document.getElementById('auth-loggedin').style.display = 'none';
        }
    });

    // respond to clicks on the login and logout links
    document.getElementById('auth-loginlink').addEventListener('click', function () {
        FB.login();
    });
    document.getElementById('auth-logoutlink').addEventListener('click', function () {
        FB.logout();
    });
}

Answer 1

http://developer.chrome.com/extensions/contentSecurityPolicy.html将是一个良好的开端，就像HTML5Rocks上的"An Introduction to Content Security Policy"一样。

在这种情况下，您似乎需要将https://connect.facebook.net列入白名单;您可以通过将"content_security_policy": "script-src 'self' https://connect.facebook.net; object-src 'self'"添加到manifest.json文件来实现这一目标。

内联脚本错误可能是由script中的空popup.html标记造成的，但也可能是由于Facebook的脚本正在注入页面。只有一种方法可以找出... :)

如何将外部脚本加载到Chrome扩展程序中？

1 个答案: