编辑:这已经发布了整整一天。希望有人可以提出建议。
编辑2:仍无法解决。
所以我正在做一个独立的项目,但是google chrome扩展的前提是基本上单击按钮,然后运行脚本。该脚本包含必须打开才能运行的链接,我无法弄清楚如何将脚本中的链接列入白名单以运行。这是我的manifest.json代码。
{
"name": "mybotnotyourbot",
"version": "1.0",
"description": "stoptryingottakemybot",
"options_page": "options.html",
"permissions": ["activeTab", "declarativeContent", "storage"],
"content_security_policy": "'default-src' 'self' 'https://www.supremenewyork.com/shop.js'",
"background": {
"scripts": ["background.js"],
"persistent": false
},
"page_action":
{
"default_popup": "popup.html",
"default_icon":
{
"16": "images/get_started16.png",
"32": "images/get_started32.png",
"48": "images/get_started48.png",
"128": "images/get_started128.png"
}
},
"icons": {
"16": "images/get_started16.png",
"32": "images/get_started32.png",
"48": "images/get_started48.png",
"128": "images/get_started128.png"
},
"manifest_version": 2
}
现在几乎所有东西都只是用作模板概述项目,我得到的错误代码是这些...
CSP directive 'script-src' must be specified (either explicitly, or implicitly via 'default-src') and must whitelist only secure resources.
CSP directive 'object-src' must be specified (either explicitly, or implicitly via 'default-src') and must whitelist only secure resources.
这些错误没有意义,因为我使用的所有链接都包含https
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://www.supremenewyork.com/shop". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
我确定一个是因为https。
我还是HTML和JSON的新手,请不要苛刻!任何见识将不胜感激:)
ps:脚本是用js编写的。