Chrome插件和内容安全政策错误

时间:2014-06-09 20:10:48

标签: javascript google-chrome google-chrome-extension content-security-policy

上传解压缩的Chrome扩展程序时,出现以下错误:

Could not load extension from '/Users/me/example'. Invalid value for 'content_security_policy': Both 'script-src' and 'object-src' directives must be specified (either explicitly, or implicitly via 'default-src'), and both must whitelist only secure resources. You may include any of the following sources: "'self'", "'unsafe-eval'", "http://127.0.0.1", "http://localhost", or any "https://" or "chrome-extension://" origin. For more information, see http://developer.chrome.com/extensions/contentSecurityPolicy.html

我的清单如下所示:

{
  "name": "Example Inc.",
  "manifest_version" : 2,
  "version": "0.4.4",
  "content_scripts": [
    {
      "matches": [
        "*://*.example.cc/*"
      ],
      "js": [
        "production/jquery.libs.min.js",
        "https://example.cc/js/example.js"
      ],
      "run_at": "document_end"
    }
  ],
  "permissions": [
    "*://*.example.cc/*",
    "tabs",
    "activeTab",
    "contextMenus",
    "storage",
    "management",
    "cookies"
  ],
  "content_security_policy": "script-src 'self' https://ssl.google-analytics.com/ga.js https://example.cc/js/*; object-src 'self'"
}

从我见过的所有例子中,在阅读了一些CSP文档之后,我不确定我错过了什么。我们的域名是完全https,example.js文件存在且可访问等

欢迎任何想法!

2 个答案:

答案 0 :(得分:1)

如果您只使用您的代码,请将其设置为 self only,例如

"content_security_policy": "script-src 'self'; default-src 'self'",

答案 1 :(得分:0)

你应该这样做:

"content_security_policy": "script-src 'self' https://ssl.google-analytics.com/ga.js https://example.cc; object-src 'self'"
相关问题
最新问题