![](/img/trans.png)
[英]Chrome extension policy error: Refused to execute inline event handler because it violates the following Content Security Policy directive
[英]Firebase Chrome Extension - Refused to execute inline script because it violates the following Content Security Policy directive
尝试将其作为扩展运行时出现此错误,有什么想法吗??
拒绝执行内联脚本,因为它违反了以下内容安全策略指令:“script-src 'self' https://cdn.firebase.com https://*.firebaseio.com”。 启用内联执行需要“unsafe-inline”关键字、哈希(“sha256-SDElGe7fYNO4sezC+axo6JiF5P5uY6qAiaLldxOYZXk=')或随机数(“nonce-...”)。
html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title></title>
<script src='https://cdn.firebase.com/js/client/2.2.1/firebase.js'></script>
<script>
// Initialize Firebase
var config = {
apiKey: "**",
authDomain: "**",
databaseURL: "**",
projectId: "**",
storageBucket: "**",
messagingSenderId: "**"
};
firebase.initializeApp(config);
</script>
<script defer type="text/javascript" src="js/app.js"></script>
</head>
<body>
<div id="myApp">
<input id="name" type="text" name="name" placeholder="Name"> <br>
<input id="birth" type="text" name="birth" placeholder="Birthdate">
<input id="submit" type="submit" value="Go" name="submit">
</div>
<div id="births" class="births"></div>
</body>
</html>
清单文件
{
"name": "Test",
"manifest_version": 2,
"version": "0.1",
"content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'",
"browser_action": {
"default_title":"Test",
"default_popup": "index.html"
},
}
此视频在这里可以帮助你......我花了几个小时试图找出如何解决呢
您无法从 Web 加载代码,只能从包加载。 这是因为黑客可以使用该 Javascript 作为大本营,如下所示。
资源: https : //developer.chrome.com/extensions/contentSecurityPolicy
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.