Can not make GWT application work as Chrome packaged app, probably due to CSP

Question

Keep getting CSP errors: \"Refused to execute inline script because it violates the following Content Security Policy directive: \"script-src \'self\'\"

The problem

Answer 1

EDIT: new GWT bug reported: http://code.google.com/p/google-web-toolkit/issues/detail?id=7685, see also http://gwt-code-reviews.appspot.com/1838803/ which is related to this bug

In other words, it looks like, when fixed, you'll simply have to use the DirectInstallLinker ().

In the mean time, IIUC, you'd have to extend DirectInstallLinker and:

• override getJsInstallLocation to return a copy a installLocaltionIframe.js without the $wnd part
• override getModulePrefix to prepend var $wnd = $wnd || window.parent; to what's generated by super.getModulePrefix

---

I don't know CSP enough to give a complete answer, but the xsiframe linker is "customizable": create a class that extends com.google.gwt.core.linker.CrossSiteIframeLinker and overrides the appropriate methods, then use with a and in your *.gwt.xml.

For instance, getJsInstallLocation defaults to com/google/gwt/core/ext/linker/impl/installLocationIframe.js but there's a com/google/gwt/core/ext/linker/impl/installLocationMainWindows.js alternate implementation.

Similarly (and probably more importantly), getJsInstallScript defaults to com/google/gwt/core/ext/linker/impl/installScriptEarlyDownload.js but there's also a com/google/gwt/core/ext/linker/impl/installScriptDirect.js alternate implementation.

See http://code.google.com/p/google-web-toolkit/source/browse/trunk/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java#204, http://code.google.com/p/google-web-toolkit/source/browse/trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/ and http://code.google.com/p/google-web-toolkit/source/browse/trunk/user/src/com/google/gwt/core/Core.gwt.xml