我正在使用chrome扩展来解析用户名并在我的数据库上交叉检查它。但是LinkedIns CSP阻止我从chrome扩展程序进行GET调用。
这是我的控制台错误:
Refused to connect to 'https://my.api.url/' because it violates the following Content Security Policy directive: "connect-src 'self' wss: static.licdn.com s.c.lnkd.licdn.com static-fstl.licdn.com static-src.linkedin.com dms.licdn.com static-exp1.licdn.com static-exp2.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com static-lcdn.licdn.com s.c.lcdn.licdn.com media.licdn.com m.c.lnkd.licdn.com platform.linkedin.com https://www.linkedin.com https://indeed-indeed.p.mashape.com/apisearch cdn.lynda.com media-exp2.licdn.com media-exp1.licdn.com video-uploads-prod.s3.amazonaws.com video-uploads-prod.s3-accelerate.amazonaws.com https://media-src.linkedin.com/media/".
有没有办法在元标记中覆盖它,或者为chrome扩展提供额外的权限?
答案 0 :(得分:1)
为了能够从您的扩展程序发出GET请求,您应该在https://my.api.url/
connect-src
添加到manifes.json
"content_security_policy" : " .... connect-src https://my.api.url/ ..."