我正在尝试开发一个简单的Chrome扩展程序,以在单击时打开的弹出窗口中显示受CSP限制的google域中的页面。嵌入页面的最简单方法是什么?
我要嵌入的页面的内容安全策略(CSP)禁止使用frame-ancestors,因此页面的<iframe>无法正常工作。具体来说,该页面是Google任务侧边栏:https://tasks.google.com/embed/?origin=https://mail.google.com&fullWidth=1
扩展的基本版本如下:
{
"manifest_version": 2,
"name": "Google Tasks",
"version": "1.0",
"description": "",
"browser_action": {
"default_icon": "images/tasks-19x19.png",
"default_title": "Google Tasks",
"default_popup": "popup.html"
},
"permissions": [
"contextMenus",
"notifications",
"tabs",
"http://tasks.google.com/",
"http://mail.google.com/"
]
}
<!DOCTYPE html>
<html>
<body>
<iframe src="https://tasks.google.com/embed/?origin=https://mail.google.com&fullWidth=1"></iframe>
</body>
</html>
此示例在控制台中导致此错误(由于CSP)
Refused to display 'https://tasks.google.com/embed/?origin=https://mail.google.com&fullWidth=1' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://mail.google.com".
我知道我可以拦截CSP(as referenced)并覆盖frame-ancestors属性,但是我想知道是否有更好的方法来嵌入我要嵌入的页面?