javascript - Content Security Policy in Chrome App

Question

Ask a Question

Welcome To Ask or Share your Answers For Others

javascript - Content Security Policy in Chrome App

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

My Chrome app has the following manifest:

{
    "name": ",
    "version": "1.0.3",
    "manifest_version": 2,
    "description": "Chrome Extension for.",
    "icons": {
        "16": "images/test.png",
        "19": "images/test.png",
        "256": "images/test.png"
    },
    "app": {
        "background": {
            "scripts": [
                "background.js"
            ]
        }
    },

    "sandbox": {
        "js": [
            "lib/test-api.js"
        ]
    },
    "permissions": [
        "<all_urls>",
        "notifications",
        "storage",
        "videoCapture"
    ]
}

I have a script file that runs eval. I have read about CSP and sandboxing, but I still get this error:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

296 views

1 Answer

深蓝 · Answer 1 · 2021-10-23T17:47:38+0000

Have you tried adding the CSP line to your manifest as per your CSP link?

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"

Categories

javascript - Content Security Policy in Chrome App

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags