我正在尝试从chrome示例扩展
安装news reader但即使没有做出改变也无法正常工作。因为它想要清单v2我将manifest_version: 2添加到清单中,这给了我以下内容:
{
"name": "__MSG_name__",
"version": "1.1",
"manifest_version": 2,
"description": "__MSG_description__",
"icons": { "128": "news_icon.png" },
"browser_action": {
"default_title": "__MSG_default_title__",
"default_icon": "news_action.png",
"default_popup": "feed.html"
},
"permissions": [
"tabs",
"http://news.google.com/*",
"http://news.google.es/*"
],
"default_locale": "en"
}
但我如何更新它以修复以下错误:
feed.html:75 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
feed.html:103 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
feed.html:308 Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
答案 0 :(得分:2)
内容安全策略文档中有handy guide。它还提到在内联脚本的情况下修改CSP本身无法解决。
具体来说,请阅读inline scripts上的部分。
简而言之,您的案例需要进行以下更改(基于错误):
如果有<script> /* some code */ </script>块,则需要将它们移到单独的文件中并加载<script src="file.js"></script>
如果有<div onclick="clickHandler()">或<body onload="load()">等内联处理程序,则需要将它们转换为addEventListener格式并从包含的JS代码执行。有关示例,请参阅文档。
请不要在https://crbug.com提出错误,以表明该示例已过期。