[英]Adding sharethis buttons to chrome extension popup.html
I'm trying to add the sharethis buttons to popup.html and the following errors appear: 我试图将sharethis按钮添加到popup.html,出现以下错误:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.sharethis.com". Either the 'unsafe-inline' keyword, a hash ('sha256-9kQ6Bjy+HAjxIkWKadVLttYAH2WuOVEKCHY7pnlgMz0='), or a nonce ('nonce-...') is required to enable inline execution.
This is my conf: "content_security_policy": "script-src 'self' 'unsafe-eval' https://*.sharethis.com; object-src 'self'"
这是我的conf:
"content_security_policy": "script-src 'self' 'unsafe-eval' https://*.sharethis.com; object-src 'self'"
has anyone managed to get those buttons appear? 有没有人设法让那些按钮出现?
thanks 谢谢
unsafe-eval
is used for relaxing eval
functions, like setTimeout(String)
, setInterval(String)
and new Function(String)
. unsafe-eval
用于放松eval
函数,例如setTimeout(String)
, setInterval(String)
和new Function(String)
。
unsafe-inline
would have no effect, according to Official Guide, 根据《官方指南》,
unsafe-inline
无效,
Up until Chrome 45, there was no mechanism for relaxing the restriction against executing inline JavaScript.
直到Chrome 45为止,还没有任何机制可以放宽执行内联JavaScript的限制。 In particular, setting a script policy that includes 'unsafe-inline' will have no effect .
特别是, 设置包含'unsafe-inline'的脚本策略将无效 。
And for Chrome > 46, 如果Chrome> 46,
inline scripts can be whitelisted by specifying the base64-encoded hash of the source code in the policy .
通过在策略中指定源代码的base64编码的哈希,可以将内联脚本列入白名单。 This hash must be prefixed by the used hash algorithm (sha256, sha384 or sha512).
该哈希必须以使用的哈希算法(sha256,sha384或sha512)作为前缀。 See Hash usage for elements for an example.
有关示例,请参见元素的哈希用法 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.