将我的 Chrome 扩展程序迁移到 Manifest v3 时出错
[英]Error with migrating my Chrome Extension to Manifest v3
问题描述
I want to migrate my Chrome Extension to manifest V3.
我想将我的 Chrome 扩展程序迁移到清单 V3。
The content_security policy looks as follows on manifest V2: content_security 策略在清单 V2 上如下所示:
{... {...
"content_security_policy": "script-src 'self' 'sha256-...' ; object-src 'self'" "content_security_policy": "script-src 'self' 'sha256-...' ; object-src 'self'"
} }
Notice that I'm using sha-256 value which is the most specific property.请注意,我使用的是最具体的属性 sha-256 值。
Furthermore, I performed a "semi-official" converting usingthis tool .此外,我使用此工具进行了“半官方”转换。
When I convert the manifest to V3 and then update the extension, I get the following error .当我将清单转换为 V3 然后更新扩展时,我收到以下错误。 I don't understand why it is considered as an insecure CSP value, while it is accepted on Manifest V2 and is considered secure to use the specified hash value of the code.我不明白为什么它被认为是不安全的 CSP 值,而它在 Manifest V2 上被接受并且被认为使用代码的指定 hash 值是安全的。
How can I overcome it?我怎样才能克服它?
1 个解决方案
解决方案1
0 2021-12-03 17:40:46
In manifest MV3, CSP is an object, however in the error it is a string, so it needs to be reformatted.在清单 MV3 中,CSP 是 object,但在错误中它是字符串,因此需要重新格式化。
Example and instructions from migration guide: 迁移指南中的示例和说明:
Manifest V2清单 V2
"content_security_policy": "..."
Manifest V3清单 V3
"content_security_policy": {
"extension_pages": "...",
"sandbox": "..."
}
extension_pages : This policy covers pages in your extension, including html files and service workers.
extension_pages :此策略涵盖您的扩展中的页面,包括 html 文件和服务工作者。
These page types are served from thechrome-extension://protocol.这些页面类型由chrome-extension://协议提供。 For instance, a page in your extension ischrome-extension://<extension-id>/foo.html.例如,您的扩展程序中的一个页面是chrome-extension://<extension-id>/foo.html。sandbox : This policy covers any sandboxed extension pages that your extension uses.
sandbox :此策略涵盖您的扩展程序使用的任何沙盒扩展程序页面。
Important!重要的!
In addition, MV3 disallows certain CSP modifications for extension_pages that were permitted in MV2.此外,MV3 不允许对 MV2 中允许的 extension_pages 进行某些 CSP 修改。 The script-src, object-src, and worker-src directives may only have the following values: script-src、object-src 和 worker-src 指令只能具有以下值:
- self自己
- none没有任何
- Any localhost source, (http://localhost, http://127.0.0.1 , or any port on those domains)任何 localhost 源(http://localhost、 http://127.0.0.1或这些域上的任何端口)
CSP modifications for sandbox have no such new restrictions.沙盒的 CSP 修改没有这样的新限制。
Going through this guide, it seems having sha-256 values is not allowed for extension pages.通过本指南,扩展页面似乎不允许使用 sha-256 值。 But these are typically inlined scripts.但这些通常是内联脚本。 You can save the script as a js file, and load it from there using <script/> tag instead;您可以将脚本保存为 js 文件,然后使用<script/>标签从那里加载它; this will not require CSP policy.这不需要 CSP 策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.