科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - How to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work - Stack Overflow

    javascript - How to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work - Stack Overflow

    programmeradmin5浏览0评论

    I made a Chrome Extension and used Firebase to collect data into a database. It worked fine for some time, but it seems there were some changes to Chrome. Now I get the following error in the javascript console when using Inspect Element on my Extension:

    Refused to load the script 'https://(myID).firebaseio/(otherprivatedata)' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

    This script is written at firebase.js:171, it's not script that I added.

    I attempted to follow this guide and add the "content_security_policy" tag to my manifest.json as instructed:

    I added the following line to my manifest.json as instructed:

    "content_security_policy": "script-src 'self'  https://*.firebaseio; object-src 'self'"

    However when I add this line, I now get an error when trying to load my script in chrome://extensions

    Error Loading Extension

    Failed to load extension from: ~\XXX\my_ext

    Manifest is not valid JSON. Line: 14, column: 5, Syntax error.

    And it highlights the line I just added above (content_security_policy). What am I doing wrong? It seems anything after "content_security_policy" is completely refused by Chrome.

    Even when I try the sample code from Google, it doesn't work. developer.chrome/extensions/contentSecurityPolicy

    "content_security_policy": "script-src 'self' ; object-src 'self'"

    How can I set the content_security_policy in order for Firebase to work in an Extension?

    (My firebase.jp is already downloaded and packaged in with my Extension since Chrome won't let me call it as remote.)

    I made a Chrome Extension and used Firebase to collect data into a database. It worked fine for some time, but it seems there were some changes to Chrome. Now I get the following error in the javascript console when using Inspect Element on my Extension:

    Refused to load the script 'https://(myID).firebaseio.com/(otherprivatedata)' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

    This script is written at firebase.js:171, it's not script that I added.

    I attempted to follow this guide and add the "content_security_policy" tag to my manifest.json as instructed: https://github.com/firebase/firebase-chrome-extension

    I added the following line to my manifest.json as instructed:

    "content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"

    However when I add this line, I now get an error when trying to load my script in chrome://extensions

    Error Loading Extension

    Failed to load extension from: ~\XXX\my_ext

    Manifest is not valid JSON. Line: 14, column: 5, Syntax error.

    And it highlights the line I just added above (content_security_policy). What am I doing wrong? It seems anything after "content_security_policy" is completely refused by Chrome.

    Even when I try the sample code from Google, it doesn't work. developer.chrome.com/extensions/contentSecurityPolicy

    "content_security_policy": "script-src 'self' https://example.com; object-src 'self'"

    How can I set the content_security_policy in order for Firebase to work in an Extension?

    (My firebase.jp is already downloaded and packaged in with my Extension since Chrome won't let me call it as remote.)

    • javascript
    • json
    • google-chrome
    • google-chrome-extension
    • firebase
    Share Improve this question asked Jun 17, 2015 at 10:39 fohxfohx 2931 gold badge3 silver badges10 bronze badges 1
    • 3 Include your complete manifest.json. Probably there's an extra or missing comma somewhere. – rsanchez Commented Jun 17, 2015 at 16:46
    Add a comment  | 

    3 Answers 3

    Reset to default 12

    Yep, thanks rsanchez... totally forgot a comma...

    ...   
  "options_page": "option.html",
  "manifest_version": 2, <- THIS COMMA
  "content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"
}

    Works now, thanks for your help!

    Update 2022

    Manifest V3 has changed the way content security policy is specified. Please have a look at the doc. So according to V3, the above policy should be now be specified in this manner:

    {
  ...
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"
  }
  ...
}

    Learn how to use sandbox on chrome extension

    on manifest v3 json file

    "content_security_policy": {
    "sandbox": "sandbox allow-scripts allow-forms allow-popups allow-modals; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';"
  },
  "sandbox": {
    "pages": [
      "index.html"
    ]
  }

    https://developer.chrome.com/docs/extensions/reference/manifest/sandbox

    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论