如何在 Chrome Extension Manifest.json 中设置内容安全策略以使 Firebase 工作
[英]How to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work
问题描述
I made a Chrome Extension and used Firebase to collect data into a database.
我做了一个 Chrome 扩展并使用 Firebase 将数据收集到数据库中。 It worked fine for some time, but it seems there were some changes to Chrome.它工作了一段时间,但似乎 Chrome 发生了一些变化。 Now I get the following error in the javascript console when using Inspect Element on my Extension:现在,在我的扩展上使用 Inspect Element 时,我在 javascript 控制台中收到以下错误:
Refused to load the script ' https://(myID).firebaseio.com/(otherprivatedata) ' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
This script is written at firebase.js:171, it's not script that I added.这个脚本写在 firebase.js:171,不是我添加的脚本。
I attempted to follow this guide and add the "content_security_policy" tag to my manifest.json as instructed: https://github.com/firebase/firebase-chrome-extension我尝试遵循本指南并将“content_security_policy”标签添加到我的清单中。json 按照指示: https://github.com/firebase/firebase-chrome-extension
I added the following line to my manifest.json as instructed:我按照说明在 manifest.json 中添加了以下行:
"content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"
However when I add this line, I now get an error when trying to load my script in chrome://extensions但是,当我添加此行时,现在尝试在 chrome://extensions 中加载脚本时出现错误
Error Loading Extension
Failed to load extension from: ~\XXX\my_ext
Manifest is not valid JSON.
And it highlights the line I just added above (content_security_policy).它突出显示了我刚刚在上面添加的行 (content_security_policy)。 What am I doing wrong?我究竟做错了什么? It seems anything after "content_security_policy" is completely refused by Chrome. Chrome 完全拒绝了“content_security_policy”之后的任何内容。
Even when I try the sample code from Google, it doesn't work.即使我尝试了谷歌的示例代码,它也不起作用。 developer.chrome.com/extensions/contentSecurityPolicy developer.chrome.com/extensions/contentSecurityPolicy
"content_security_policy": "script-src 'self' https://example.com; object-src 'self'"
How can I set the content_security_policy in order for Firebase to work in an Extension?如何设置 content_security_policy 以使 Firebase 在扩展中工作?
(My firebase.jp is already downloaded and packaged in with my Extension since Chrome won't let me call it as remote.) (我的 firebase.jp 已经下载并与我的扩展程序一起打包,因为 Chrome 不允许我将其称为远程。)
2 个解决方案
解决方案1
12 2015-06-18 00:32:55
Yep, thanks rsanchez... totally forgot a comma...是的,谢谢 rsanchez... 完全忘记了逗号...
...
"options_page": "option.html",
"manifest_version": 2, <- THIS COMMA
"content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"
}
Works now, thanks for your help!现在可以使用,感谢您的帮助!
解决方案2
0 2022-09-05 11:38:29
Update 2022 2022 年更新
Manifest V3 has changed the way content security policy is specified. Manifest V3 更改了指定内容安全策略的方式。 Please have a look at the doc .请看一下文档。 So according to V3, the above policy should be now be specified in this manner:因此,根据 V3,现在应该以这种方式指定上述策略:
{
...
"manifest_version": 3,
"content_security_policy": {
"extension_pages": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"
}
...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.