This is relative an Chrome extension. I am trying a simple one which uses the Google Chart API
I have this code in my html document "popup.html", which is loaded on the click on the Icon.
<!doctype html>
<html>
<head>
<script type="text/javascript" src="js/libs/jquery-1.8.0.min.js"></script>
<script type="text/javascript" src="js/popup.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi?key=xxxxxxxxxxx"></script>
[...]
</body>
</html>
I get the following message:
Refused to load the script 'http://www.google.com/jsapi?key=xxxxxxxxxxx' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
I understood it is something relative to permissions, I tried to modify my Manifest file but without success:
{
[...]
"manifest_version": 2,
"permissions": ["http://*.google.com/"],
"content_security_policy": "script-src 'self' http://www.google.com; object-src 'self'",
}
Any idea?
Just make it use the https protocol instead. The error you're getting is regarding the Content Security Policy.
See the Relaxing the default policy section of the page. It mentions that you can only whitelist HTTPS, chrome-extension, and chrome-extension-resource.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments