Chrome扩展程序“拒绝加载脚本,因为它违反了以下内容安全策略指令”
[英]Chrome Extension “Refused to load the script because it violates the following Content Security Policy directive”
问题描述
I'm trying to create a Chrome extension, but none of my JS works. 
我正在尝试创建Chrome扩展程序,但我的JS都没有。 The console shows this error: 控制台显示此错误:
Refused to load the script ' https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js ' because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:".
Why is it blocking my jQuery from running? 为什么阻止我的jQuery运行?
7 个解决方案
解决方案1
13 2018-01-27 14:19:21
As explained on the Chome website , there is a Content Security Policy preventing your script to load remote script: 正如Chome 网站上所述,有一个内容安全策略阻止您的脚本加载远程脚本:
A relaxed policy definition which allows script resources to be loaded from example.com over HTTPS might look like:
"content_security_policy": "script-src 'self' https://example.com ; object-src 'self'"
So in your case, the manifest.json should contain: 所以在你的情况下, manifest.json应该包含:
{
"name": "My Extension",
"manifest_version": 2,
"background":{
"scripts": [...]
},
"content_security_policy": "script-src 'self' https://example.com; object-src 'self'",
}
解决方案2
11 2016-01-22 15:26:02
Did you allow it in your manifest JSON file. 您是否在清单JSON文件中允许它。 Something like this: 像这样的东西:
{
"name": "My Extension",
"content_scripts": [{
"js": ["jquery.min.js", "YourJavaScriptFile.js"],
"matches": ["http://*/*", "https://*/*"]
}]
}
There are required fields I left out, but just giving the basic idea. 我遗漏了必需的字段,但只是给出了基本的想法。
解决方案3
2 2018-03-23 14:11:17
well, you cant use CDN for js, you will be have to copy the content of " https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js " and create a new file inside your js directory and call it jquery.min.js and paste everything in it , then in your HTML file header remove the line that has this url in it and use this one instead 好吧,你不能使用CDN for js,你将不得不复制“ https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js ”的内容并创建一个新文件在你的js目录中并将其命名为jquery.min.js并将其中的所有内容粘贴到其中,然后在HTML文件头中删除包含此url的行并使用此代替
<script src="js/jquery.min.js"></script>
but make sure that this is the write path for the file that contains all the data in the mentioned url 但请确保这是包含所提及网址中所有数据的文件的写入路径
cheers, 干杯,
解决方案4
2 2018-08-20 05:45:36
Content Security Policy is another layer of security for your application. 内容安全策略是应用程序的另一个安全层。 It lets you define all the origins from which you are loading any styles, scripts or data. 它允许您定义从中加载任何样式,脚本或数据的所有原点。 For each of the style, script, font or connect, you need to specify the domains which you are loading in your application. 对于每个样式,脚本,字体或连接,您需要指定要在应用程序中加载的域。 If you are using a CDN jQuery of another domain, you need to specify this domain in the Content Security Policy. 如果您使用的是其他域的CDN jQuery,则需要在内容安全策略中指定此域。
If you don't want this added layer of security and would like to load styles or scripts from any domain you wish, just add this following meta tag in your index.html and make sure this is located before any of your imports. 如果您不想要这个增加的安全层,并希望从您希望的任何域加载样式或脚本,只需在index.html中添加以下元标记,并确保它位于任何导入之前。
<meta http-equiv="Content-Security-Policy" content="default-src *;">
here * is the wildcard character which lets you access any domain. 这里*是通配符,可以让您访问任何域。 If you want this added layer of security I suggest you go to the documentation which is very clear about how to specify all the domains you want import in your application 如果您想要这个增加的安全层,我建议您转到文档 ,该文档非常清楚如何在您的应用程序中指定要导入的所有域
解决方案5
0 2016-12-11 04:50:22
My HTML file had <script> some js code within it </script> . 我的HTML文件中有<script> some js code within it </script> 。 When removed the script tags, the error was gone. 删除脚本标记后,错误消失了。
解决方案6
0 2019-03-27 20:35:34
According to the Chrome Extension documentation , you need to download a copy of the external resource into your package folder and load the script locally. 根据Chrome扩展文档 ,您需要将外部资源的副本下载到您的包文件夹中并在本地加载脚本。
Loading external scripts is not allowed. 不允许加载外部脚本。
解决方案7
0 2019-09-06 11:37:35
I will tell you long story short. 我会告诉你长话短说。 Google Chrome has CSP (Content Security Policy) , which means chrome extensions don't allow the external script. 谷歌浏览器具有CSP(内容安全策略) ,这意味着Chrome扩展不允许使用外部脚本。 If you are using the vue cdn then just perform following steps and your are good to go. 如果您正在使用vue cdn那么只需执行以下步骤即可。
- Add following code in your manifest.json and change your filenames as per need. 在manifest.json中添加以下代码,并根据需要更改文件名。 Here 'unsafe-eval' is the thing you are looking for, just add this. 这里'unsafe-eval'就是您要找的东西,只需添加它即可。
{
"manifest_version": 2,
"name" : "Hello Extension",
"version" : "1.0",
"permissions": [
"https://cdn.jsdelivr.net/npm/vue/dist/vue.js"
],
"background": {
"scripts": ["popup.js"],
"persistent": false
},
"description" : "Testing the hello world extension",
"icons": {
"16" : "icons16.png",
"48" : "icons16.png",
"128" : "icons16.png"
},
"browser_action": {
"default_icon" : "icons16.png",
"default_popup" : "popup.html"
},
"content_security_policy": "script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net; object-src 'self'"
}
- In your
external jshere popup.js add the Vue code and everything will work great.在你的external js这里popup.js添加Vue代码,一切都会很好。
var app = new Vue({
el: "#app",
data: {
name: ""
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.