Question
I am trying to integrate the Google+ API with my Google Chrome extension. My integration is based on the quick start example introduced here: https://developers.google.com/+/quickstart/javascript
I have migrated all inline JavaScript code to separate files and added a content_security_policy line to my manifest.json file:
"content_security_policy": "script-src 'self' https://www.googleapis.com/ https://plus.google.com/ https://apis.google.com/ https://accounts.google.com/ https://ssl.gstatic.com https://csi.gstatic.com https://developers.google.com; object-src 'self'"
The problem is the following. When I click on the Google+ button I get the following error message:
Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleapis.com/ https://plus.google.com/ https://apis.google.com/ https://accounts.google.com/ https://ssl.gstatic.com https://csi.gstatic.com https://developers.google.com".
Which is obviously unhappy with content_security_policy. It throws this exception on line 468 in this file:
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en.aop9WHMC8-8.O/m=client,plusone,signin/rt=j/sv=1/d=1/ed=1/am=EQ/rs=AItRSTNUM79OpqDtwYl6kryPkOs00evROQ/cb=gapi.loaded_0.
It seems it is trying to embed an inline script and execute it afterwards, which violates the Content Security Policy. The same exception appears when I click the "Accept" button in the popup. As a result, the popup window hangs without a response.
Do you have any experience with that?
Answer 1:
Try this in your manifest.json:
"content_security_policy": "script-src 'self' 'unsafe-eval' https://apis.google.com/; object-src 'self'"
Source: https://stackoverflow.com/questions/18194659/google-integration-chrome-extension-issue
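
An added example (not code from the original post, the answer, or Google): a small parser that compares the script-src directive of the two policies on this page. In CSP, javascript: URLs count as inline script and are governed by 'unsafe-inline', while 'unsafe-eval' governs eval()-style string evaluation; the function names below are hypothetical.

```javascript
// Added example: audit and diff the script-src directive of extension CSP strings.
// Both policy strings are copied from the question and the answer on this page.
const QUESTION_CSP = "script-src 'self' https://www.googleapis.com/ https://plus.google.com/ https://apis.google.com/ https://accounts.google.com/ https://ssl.gstatic.com https://csi.gstatic.com https://developers.google.com; object-src 'self'";
const ANSWER_CSP = "script-src 'self' 'unsafe-eval' https://apis.google.com/; object-src 'self'";

// Split a policy into { directiveName: [source expressions] }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by CSP; the first occurrence wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Summarise the script sources; script-src falls back to default-src if absent.
function auditScriptSrc(policy) {
  const d = parseCsp(policy);
  const sources = d["script-src"] || d["default-src"] || [];
  const isKeyword = (s) => /^'.*'$/.test(s);
  const keywords = sources.filter(isKeyword).map((s) => s.toLowerCase());
  const hosts = sources.filter((s) => !isKeyword(s));
  return {
    restricted: "script-src" in d || "default-src" in d,
    hosts,
    hasUnsafeEval: keywords.includes("'unsafe-eval'"),     // eval(), new Function()
    hasUnsafeInline: keywords.includes("'unsafe-inline'"), // inline script, javascript: URLs
    insecureHosts: hosts.filter((h) => /^http:/i.test(h) || h === "*"),
  };
}

// Report what a policy change does to script-src.
function diffScriptSrc(before, after) {
  const a = auditScriptSrc(before);
  const b = auditScriptSrc(after);
  return {
    removedHosts: a.hosts.filter((h) => !b.hosts.includes(h)),
    addedHosts: b.hosts.filter((h) => !a.hosts.includes(h)),
    evalChanged: a.hasUnsafeEval !== b.hasUnsafeEval,
    inlineChanged: a.hasUnsafeInline !== b.hasUnsafeInline,
  };
}

console.log(auditScriptSrc(QUESTION_CSP));
console.log(diffScriptSrc(QUESTION_CSP, ANSWER_CSP));
```

Running it with Node.js prints the audit of the question's policy followed by the difference between the two policies.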