注入内容时,您可以使用Chrome扩展程序覆盖CSP吗?

时间:2018-06-16 06:22:12

标签: google-chrome google-chrome-extension

我正在尝试创建一个Chrome扩展程序,在页面上注入一个侧边栏,内部有一个iframe,指向外部页面。测试时,我在LinkedIn上遇到以下错误:

  

拒绝框架'https://example.com/',因为它违反了。https://www.linkedin.com'   遵循内容安全策略指令:“frame-src'self'   * .doubleclick.net www.slideshare.net radar.cedexis.com platform.linkedin.com media-exp1.licdn.com media-exp2.licdn.com   m.c.exp1.licdn.com m.c.exp2.licdn.com media-lcdn.licdn.com   m.c.lcdn.licdn.com cdn.embedly.com https://github.com/socketio/socket.io-client-java   lichat.azurewebsites.net www.youtube.com www.facebook.com   player.vimeo.com embed.ted.com livestream.com embed.gettyimages.com   w.soundcloud.com www.lynda.com media.licdn.com“。

我理解这意味着他们阻止嵌入除了列入白名单之外的任何网站,所以我很好奇是否有办法通过扩展程序改变CSP?

这是我的清单文件:

{
    "manifest_version": 2,
    "name": "my ext",
    "description": "my ext desc",
    "version": "0.1",
    "content_scripts": [{
        "matches": ["<all_urls>"],
        "js": ["jquery-3.3.1.min.js","content.js","scripts.js"],
        "css": ["content.css"]
    }],
    "background": {
        "scripts": ["background.js"]
    },
    "permissions": ["tabs","activeTab","storage"],
    "browser_action": {
        "default_icon": {
            "16": "images/icon16.png",
            "32": "images/icon32.png",
            "48": "images/icon48.png",
            "128": "images/icon128.png"
        }
    },
    "icons": {
        "16": "images/icon16.png",
        "32": "images/icon32.png",
        "48": "images/icon48.png",
        "128": "images/icon128.png"
    }
}

0 个答案:

没有答案