问题
I'm trying to build a page action extension and need to load an external JavaScript library from the popup (it needs to come from the external domain so that the correct cookies are sent).
However I get this error message:
Refused to load script from 'http://api.flattr.com/js/0.6/load.js?mode=auto' because of Content-Security-Policy.
Is there any way around this?
回答1:
Using scripts via plain HTTP is no longer allowed for security reasons. See this issue.
From linked page:
Yeah, we're no longer allowing insecure scripts in extensions. If you load a script over HTTP, an active network attacker can inject script into your extension, which is a security vulnerability.
One suggested solution is to link the scripts via HTTPS where possible. Another one is to include the script with the plugin itself.
来源:https://stackoverflow.com/questions/8478245/how-to-load-an-external-javascript-inside-an-extension-popup