I am working on Chrome extension which opens a new window. That window contains my page.html where there are some scripts and that's the problem because in the console I can see the error... and now.
When I don't add any additional stuff to my manifest.json or page.html I get this error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-t+n/+H6ALc8VWtFbu1Zd7/MPwtSjSk8PIrfccO7FJrg='), or a nonce ('nonce-...') is required to enable inline execution.`,
If I add
"content_security_policy": "script-src 'self' chrome-extension://capfbnhhhkfclmggnafjgkolommmmoch; object-src 'self';"
to my manifest.json, I get
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension://capfbnhhhkfclmggnafjgkolommmmoch". Either the 'unsafe-inline' keyword, a hash ('sha256-t+n/+H6ALc8VWtFbu1Zd7/MPwtSjSk8PIrfccO7FJrg='), or a nonce ('nonce-...') is required to enable inline execution.
When I added some meta tag into my page.html there was a same or similar error.
And my question is: How can I fix it? Because I think that "script-src 'self' blob: filesystem: chrome-extension-resource:" is some kind of template so I have to add some data thereafter :s... But I really don't know which. I saw here something about it but I don't have clue what should I do with it or where I should write it. So please help me, I would be so happy if I fixed that error.
Code where window opens:
$.get(chrome.extension.getURL('/page.html'), function(data) {
var myWindow;
myWindow = window.open("", "TopSerialy.sk Vyhľadávač","width=386,height=290");
myWindow.moveTo((screen.width/2)-(386/2), ((screen.height-93)/2)-(290/2));
myWindow.document.write(data);
});
page.html contains only simple script to close window when butten is pressed, declared by <script>functions, etc...</script> tag in HTML, not <script scr="some_url/script.js"></script>!
I am working on Chrome extension which opens a new window. That window contains my page.html where there are some scripts and that's the problem because in the console I can see the error... and now.
When I don't add any additional stuff to my manifest.json or page.html I get this error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-t+n/+H6ALc8VWtFbu1Zd7/MPwtSjSk8PIrfccO7FJrg='), or a nonce ('nonce-...') is required to enable inline execution.`,
If I add
"content_security_policy": "script-src 'self' chrome-extension://capfbnhhhkfclmggnafjgkolommmmoch; object-src 'self';"
to my manifest.json, I get
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension://capfbnhhhkfclmggnafjgkolommmmoch". Either the 'unsafe-inline' keyword, a hash ('sha256-t+n/+H6ALc8VWtFbu1Zd7/MPwtSjSk8PIrfccO7FJrg='), or a nonce ('nonce-...') is required to enable inline execution.
When I added some meta tag into my page.html there was a same or similar error.
And my question is: How can I fix it? Because I think that "script-src 'self' blob: filesystem: chrome-extension-resource:" is some kind of template so I have to add some data thereafter :s... But I really don't know which. I saw here something about it but I don't have clue what should I do with it or where I should write it. So please help me, I would be so happy if I fixed that error.
Code where window opens:
$.get(chrome.extension.getURL('/page.html'), function(data) {
var myWindow;
myWindow = window.open("", "TopSerialy.sk Vyhľadávač","width=386,height=290");
myWindow.moveTo((screen.width/2)-(386/2), ((screen.height-93)/2)-(290/2));
myWindow.document.write(data);
});
page.html contains only simple script to close window when butten is pressed, declared by <script>functions, etc...</script> tag in HTML, not <script scr="some_url/script.js"></script>!
- 2 Simply use a separate js file as explained in onClick within Chrome Extension not working – woxxom Commented Jul 26, 2018 at 12:12
- wohooo! thanks! I was wondering about something like that but with my unluck it wouldnt work... but maybe yes :D thank you ! – loumadev Commented Jul 26, 2018 at 12:23
1 Answer
Reset to default 8This does not work, because Chrome forbids any kind of inline code in extensions via Content Security Policy.
What you can do is:
- Put all inline code into some file
(popup.js). - Add to your code
<script src="popup.js"></script>