截至此问题Can't load facebook js sdk from Chrome extension 我尝试基本相同的事情
background.js
(function(d, s, id, debug){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {return;}
js = d.createElement(s); js.id = id;
js.src = "facebook-all.js";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk', /*debug* / false));
window.fbAsyncInit = function() {
// init the FB JS SDK
alert('INIT SDK');
FB.init({
appId : 'xxxxxxxxxxx', // App ID from the App Dashboard
//channelUrl : '', // Channel File for x-domain communication
status : true, // check the login status upon init?
cookie : true, // set sessions cookies to allow your server to access the session?
xfbml : true, // parse XFBML tags on this page?
});
FB.login(function(response) {
if (response.authResponse) {
alert('Welcome! Fetching your information.... ');
FB.api('/me', function(response) {
alert('connected ' + JSON.stringify(response, null, 4));
});
} else {
alert('User cancelled login or did not fully authorize.');
}
});
};
的manifest.json
{
"name": "A browser action with no icon",
"version": "1.0",
"background": { "scripts":["background.js"]},
"permissions": [
"tabs",
"https://*/*",
],
"content_security_policy": "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ chrome-extension-resource: 'self' 'unsafe-eval' ",
"manifest_version": 2
}
但是我在控制台上获得了以下错误:
The "fb-root" div has not been created, auto-creating all.js:52
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the frame 'http://static.ak.facebook.com/connect/xd_arbiter.php?version=21#channel=f30…F_generated_background_page.html%3Ffb_xd_fragment%23xd_sig%3Df2c0b5eef8%26' because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the frame 'https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxx&response_type=…4%26domain%3D<extension-id>%26relation%3Dparent&sdk=joey' because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
我知道'不安全 - 内联'不再允许了,那么有没有办法让chrome扩展中的fs-jssdk工作?
任何帮助将不胜感激!
obs:我可以直接在浏览器中从FB获取结果,但不能在扩展名中获取。
答案 0 :(得分:1)
您可以使用以下方式启用样式和框架:
"content_security_policy": "default-src 'self' 'unsafe-eval' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; style-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; frame-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com",
但我不确定如何摆脱Refused to load the frame 'http://static.ak.facebook.com(...)错误。谷歌Chrome的CSP不允许使用http://域,没有它就没有帧间通信,所以例如自动调整大小不起作用。