0

我正在創建使用谷歌地球的Google Chrome擴展。Chrome在我的Chrome擴展中無法識別我的content_security_policy字符串

我加入以下到我的清單:

{ 
    "name": "Calculator", 
    "description": "A simple calculator.", 
    "manifest_version": 2, 
    "minimum_chrome_version": "23", 
    "version": "1.3.2", 
    "app": {"background": {"scripts": ["model.js", "view.js", "controller.js"]}}, 
    "icons": { 
    "16": "images/icon-16x16.png", 
    "128": "images/icon-128x128.png" 
    }, 

    "content_security_policy": "script-src 'self' https://www.google.com/jsapi; https://www.google.com/uds/?file=earth&v=1; https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js; object-src 'self'", 


     "permissions": [ 
      "storage", 
      "https://*.google.com/" 
     ]  
    } 

即使如此,當我跑我的分機,我得到以下錯誤:

Refused to load the script 'https://www.google.com/jsapi' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. 
Refused to load the script 'https://www.google.com/uds/?file=earth&v=1' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. 
Refused to load the script 'https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. 
+0

嘗試' 「content_security_policy」: 「劇本-SRC '自我' https://www.google.com」' –

回答

2

在CSP中的URL應當分開由空格,而不是分號。分號用於分隔指令。

比照https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#syntax-and-algorithms

A CSP policy consists of a U+003B SEMICOLON (;) delimited list of directives: 
    policy = [ directive *(";" [ directive ]) ] 

所以,你的CSP應改爲:

"content_security_policy": "script-src 'self' https://www.google.com/jsapi https://www.google.com/uds/?file=earth&v=1 https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js; object-src 'self'"