我不想再用一个本地托管的 jquery 库创建一个插件。我正在尝试从 Google 的 CDN 加载它,但我遇到了这个异常:
拒绝加载脚本“http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js”,因为它违反了以下内容安全策略指令:“script-src 'self' chrome -扩展资源:”。
我该如何解决?
问问题
3101 次
2 回答
5
如果您想从 Google 的 CDN 加载 jQuery,您必须将以下内容安全规则添加到您的清单文件中。
...
"content_security_policy": "script-src 'self' https://*.googleapis.com; object-src 'self'",
...欲了解更多信息,请阅读 Sirwan Afifi 已经提供的官方文档,并特别关注CSP 规范和HTML5 Rocks 文章的链接。
于 2012-11-19T07:36:37.187 回答
0
http://developer.chrome.com/extensions/contentSecurityPolicy.html
> Only local script and and object resources are loaded
Script and object resources can only be loaded from the extension's package, not from the web at large. This ensures that your extension only executes the code you've specifically approved, preventing an active network attacker from maliciously redirecting your request for a resource.
so, you should download jquery file and include it in your package :
<!doctype html>
<html>
<head>
<title>My Awesome Popup!</title>
<script src="jquery.min.js"></script>
</head>
<body>
<button>Click for awesomeness!</button>
</body>
</html>
于 2012-11-18T18:17:25.067 回答