0

I am trying to call the YQL API, but I get an error. I have the following Chrome extension (YQL API error: Content Security):

manifest.json:
"content_security_policy": "script-src 'self'; object-src 'self'", 

Error: 
Refused to load the script 'http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20html%20where…withkeys&callback=jQuery20208888747137971222_1400373036635&_=1400373036638' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".' 

I tried doing it without the "content_security_policy" entry, but I still get an error.

The code that makes the call:

yqlAPI = 'http://query.yahooapis.com/v1/public/yql?q=' + encodeURIComponent(query) + '&format=json&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys&callback=?';

// "callback=?" makes jQuery send a JSONP request, i.e. it loads the URL as a <script>.
$.getJSON(yqlAPI, function (r) {
    $.each(r.query.results.li, function () {
        if (typeof this.font !== 'undefined') {
            gogoAnime1.push([this.a.href, this.font.content]);
        }
    });
    gotFollowersOfA(gogoAnime1);
});

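I have been looking at the CSP documentation (https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing-remote-script), but I don't understand what I have to add to my manifest.json. Any help getting this to work would be greatly appreciated!

Answers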

0

I don't know whether it is because an external object is being requested.

Content Security Policy (CSP) - Google Chrome

If you have a need for some external JavaScript or object resources, you can relax the policy to a limited extent by whitelisting secure origins from which scripts should be accepted.

So adjust manifest.json accordingly:

"content_security_policy": 
     "script-src 'self' https://query.yahooapis.com/; object-src 'self'" 

You also need to use an HTTPS origin:

As man-in-the-middle attacks are both trivial and undetectable over HTTP, those origins will not be accepted. Currently, we allow whitelisting origins with the following schemes: HTTPS, chrome-extension, and chrome-extension-resource.

+0

I tried what you said. But I got the following code: http://gyazo.com/c8909bf62f0fe22170e05ec5809bfe45 – user3537288

+0

@user3537288 You need to use https. http resources are not accepted. YQL is available over https. Can you try the updated answer? Thanks – rkansola

+0

OMG! It works. I had to use "script-src 'self' https://query.yahooapis.com/; object-src 'self'". Thank you very much! I didn't know I could make the call over https. So I just changed my JS, and it works! – user3537288
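
Added example (not part of the original thread or of Chrome's documentation): a simplified, origin-only model of the script-src check, showing why the JSONP request in this thread is refused or allowed depending on the policy and the URL scheme. The function names, the MISPLACED policy and the shortened query strings are constructed for illustration.

```javascript
// Added example: origin-only model of an extension's script-src check.
// Paths, wildcards and default-src fallback are deliberately not modelled.

// Schemes the Chrome documentation quoted above accepts for whitelisted origins.
const ACCEPTED_SCHEMES = ['https:', 'chrome-extension:', 'chrome-extension-resource:'];

// Split a policy string into { directiveName: [source, ...] }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

// True when a source expression names the same scheme and host as the target URL.
function sourceMatches(source, target) {
  if (source.startsWith("'")) return false; // keywords such as 'self' never cover a remote host
  let parsed;
  try { parsed = new URL(source); } catch (e) { return false; }
  return ACCEPTED_SCHEMES.includes(parsed.protocol) &&
    parsed.protocol === target.protocol && parsed.host === target.host;
}

// Decide whether scriptUrl may be loaded as a <script>, which is what a
// jQuery JSONP request ("callback=?") turns into.
function checkRemoteScript(policy, scriptUrl) {
  const directives = parseCsp(policy);
  const target = new URL(scriptUrl);
  if ((directives['script-src'] || []).some((s) => sourceMatches(s, target))) {
    return { allowed: true, reason: 'origin whitelisted in script-src' };
  }
  if (target.protocol === 'http:') {
    return { allowed: false, reason: 'http: origins are not accepted; use the https: URL' };
  }
  const misplaced = Object.keys(directives).find(
    (name) => name !== 'script-src' && directives[name].some((s) => sourceMatches(s, target)));
  return { allowed: false, reason: misplaced
    ? 'origin is listed under ' + misplaced + ', not script-src'
    : 'origin is not listed in script-src' };
}
// ASKED and WORKING are the policies from the thread; the rest is constructed.
const ASKED = "script-src 'self'; object-src 'self'";
const MISPLACED = "script-src 'self'; object-src 'self' https://query.yahooapis.com/";
const WORKING = "script-src 'self' https://query.yahooapis.com/; object-src 'self'";
const HTTP_URL = 'http://query.yahooapis.com/v1/public/yql?q=x&callback=cb';
const HTTPS_URL = 'https://query.yahooapis.com/v1/public/yql?q=x&callback=cb';
```

Calling `checkRemoteScript(WORKING, HTTP_URL)` still reports a refusal, which matches the thread: the policy change only took effect once the request URL itself was switched to https.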