iframe twitter移动网站

时间:2017-09-27 23:13:47

标签: javascript iframe google-chrome-extension opera

我真的需要iframe twitter.com移动网站进入歌剧扩展,想知道是否有人知道他们的意思是由于以下错误

sidebar.html:8 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://mobile.twitter.com/". Either the 'unsafe-inline' keyword, a hash ('sha256-hM+vuSKyk8KinSQRAwVUgib4/cFYwMvRenQfLzc9VzE='), or a nonce ('nonce-...') is required to enable inline execution.

代码 sidebar.html                 
               

    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: https://mobile.twitter.com/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">
    <script type="text/javascript">
    document.domain = 'twitter.com';
    </script>
    <style>
      html,
      body,
      iframe {
        background-color: white;
        border: none;
        height: 100%;
        margin: 0;
        overflow: hidden;
        padding: 0;
        width: 100%;
         z-index: 99999999;
      }
    </style>
  </head>
  <body>
  <iframe frame-src="https://mobile.twitter.com" ></iframe>
    <script src="sidebar.js" defer></script>
    </body>
</html>

background.js 

chrome.webRequest.onHeadersReceived.addListener(
  function (details) {
    return {
      responseHeaders: details.responseHeaders.filter(function(header) {
        //return (header.name.toLowerCase() !== 'x-frame-options');
      })
    };
  }, {
    urls: ["http://*.twitter.com","https://mobile.twitter.com/"]
  }, ["blocking", "responseHeaders"]);

sidebar.js 

opr.sidebarAction.onFocus.addListener(

)

的manifest.json 

{
   "background": {
      "scripts": [ "background.js"]
   },
   "description": "TweetTab allows you to quickly and easily access Twitter when you need/want to post.",
   "developer": {
      "name": "russellharrower"
   },
   "icons": {
      "128": "icons/128.png",
      "19": "icons/19.png",
      "38": "icons/38.png",
      "48": "icons/48.png"
   },
    "manifest_version": 2,
   "name": "TwitTab",
   "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
   "permissions": [ "webRequest", "webRequestBlocking", "https://*.twitter.com/", "*" ],
   "sidebar_action": {
      "default_icon": "icons/38.png",
      "default_panel": "sidebar.html",
      "default_title" : "TweetTab",
        // Required
      "default_panel": "sidebar.html"
    },
   "web_accessible_resources":["sidebar.html"],
   "version": "1.0.1"
}

1 个答案:

答案 0 :(得分:0)

关于您的问题的两个潜在来源

  1. 您在sidebar.html中有内联Javascript

    2. 将此代码重构为单独的Javascript文件或更改内容安全策略。

    <script type="text/javascript">
    document.domain = 'twitter.com';
</script>
    1. Twitter的HTTP响应将 x-frame-options 标头设置为 SAME ORIGIN 。但似乎你已经尝试过对此进行说明。

      2. 查看this question的答案。

相关问题
最新问题