我正在创建一个使用谷歌地球的谷歌浏览器扩展程序。
我已将以下内容添加到我的清单中:
{
"name": "Calculator",
"description": "A simple calculator.",
"manifest_version": 2,
"minimum_chrome_version": "23",
"version": "1.3.2",
"app": {"background": {"scripts": ["model.js", "view.js", "controller.js"]}},
"icons": {
"16": "images/icon-16x16.png",
"128": "images/icon-128x128.png"
},
"content_security_policy": "script-src 'self' https://www.google.com/jsapi; https://www.google.com/uds/?file=earth&v=1; https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js; object-src 'self'",
"permissions": [
"storage",
"https://*.google.com/"
]
}
即便如此,当我运行扩展时,我会收到以下错误:
Refused to load the script 'https://www.google.com/jsapi' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the script 'https://www.google.com/uds/?file=earth&v=1' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the script 'https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
答案 0 :(得分:2)
CSP中的网址应以空格分隔,而不是分号。分号用于分隔指令。
A CSP policy consists of a U+003B SEMICOLON (;) delimited list of directives:
policy = [ directive *( ";" [ directive ] ) ]
所以你的CSP应该读到:
"content_security_policy": "script-src 'self' https://www.google.com/jsapi https://www.google.com/uds/?file=earth&v=1 https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js; object-src 'self'"