内容安全策略:无法在Chrome扩展中加载Google API React

发布于 01-23 20:38 字数 920 浏览 2 评论 0 原文

我正在使用React和实现Google Ingup创建Chrome扩展名

,因此我

<script src="https://apis.google.com/js/api.js"></script>

现在在index.html中

添加了Chrome 。当我构建代码并部署时,Chrome显示错误,说

Refused to load the script 'https://apis.google.com/js/api.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

我正在使用明确版本3 文件。

所以我添加了

"content_security_policy": {
        "extension_pages": "script-src 'self' https://apis.google.com; object-src 'self'"
    }

,但是现在这表明

content_security_policy.extension_pages': Insecure CSP value "https://apis.google.com" in directive 'script-src'.
Could not load manifest.

我该如何解决?

I am creating chrome extension using react and implementing google signup

so i added

<script src="https://apis.google.com/js/api.js"></script>

in index.html

now when i build the code and deploy, chrome shows errors saying

Refused to load the script 'https://apis.google.com/js/api.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I am using manifest version 3 file.

So i added

"content_security_policy": {
        "extension_pages": "script-src 'self' https://apis.google.com; object-src 'self'"
    }

but now this is showing

content_security_policy.extension_pages': Insecure CSP value "https://apis.google.com" in directive 'script-src'.
Could not load manifest.

How can i solve this?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

鯉魚旗 2025-01-30 20:38:45

我通过在响应中添加标头来管理CSP,例如 -

我不确定明确版本3文件是什么意思

add_header content-security-policy“ default-src'self'; script-src
'自己'; font-src ;明显的src“自我”; object-src'none';
connect-src'self' <="" em=""> .googleapis.com/;“;

<="" em="">

您可以尝试将此行添加到您的代码(您的要求) -

connect-src 'self' https://www.google-analytics.com/ https://*.googleapis.com/;

I managed CSP with my nginx settings by adding headers to my response, such as -

I'm not sure what do you mean by manifest version 3 file

add_header Content-Security-Policy "default-src 'self';script-src
'self'; font-src ; manifest-src 'self'; object-src 'none';
connect-src 'self' https://www.google-analytics.com/
https://
.googleapis.com/;";

Can you try adding this line to your code (your requirement) -

connect-src 'self' https://www.google-analytics.com/ https://*.googleapis.com/;
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文