2

截至this question Can't load facebook js sdk from Chrome extension 我尝试基本相同的事情

背景.js

(function(d, s, id, debug){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {return;}
js = d.createElement(s); js.id = id;
js.src = "facebook-all.js";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk', /*debug* / false));

window.fbAsyncInit = function() {
// init the FB JS SDK
alert('INIT SDK');
FB.init({
  appId      : 'xxxxxxxxxxx', // App ID from the App Dashboard
  //channelUrl : '', // Channel File for x-domain communication
  status     : true, // check the login status upon init?
  cookie     : true, // set sessions cookies to allow your server to access the session?
  xfbml      : true,  // parse XFBML tags on this page?
});
FB.login(function(response) {
   if (response.authResponse) {
     alert('Welcome!  Fetching your information.... ');
     FB.api('/me', function(response) {
         alert('connected ' + JSON.stringify(response, null, 4));
     });
   } else {
     alert('User cancelled login or did not fully authorize.');
   }
 });
};

清单.json

{
"name": "A browser action with no icon",
"version": "1.0",
"background": { "scripts":["background.js"]},
"permissions": [
"tabs",
"https://*/*",
],
"content_security_policy": "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ chrome-extension-resource: 'self' 'unsafe-eval' ",
"manifest_version": 2
}

但我在控制台上收到以下错误:

The "fb-root" div has not been created, auto-creating all.js:52

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to load the frame 'http://static.ak.facebook.com/connect/xd_arbiter.php?version=21#channel=f30…F_generated_background_page.html%3Ffb_xd_fragment%23xd_sig%3Df2c0b5eef8%26' because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to load the frame 'https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxx&response_type=…4%26domain%3D<extension-id>%26relation%3Dparent&sdk=joey' because it violates the following Content Security Policy directive: "default-src https://connect.facebook.net/ https://s-static.ak.facebook.com/connect/ 'self' 'unsafe-eval'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

我知道不再允许“不安全内联”,那么有没有办法让 chrome 扩展中的 fs-jssdk 工作?

任何帮助将不胜感激!

obs:我可以直接在浏览器中从 FB 获取结果,但不能在扩展中。

4

1 回答 1

1

您可以通过以下方式启用样式和框架:

"content_security_policy": "default-src 'self' 'unsafe-eval' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; style-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; frame-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com",

但我不知道如何摆脱Refused to load the frame 'http://static.ak.facebook.com(...)错误。Google chrome 的 CSP 不允许 http:// 域,没有它就没有框架内通信,因此例如自动调整大小将不起作用。

于 2013-05-11T23:10:07.730 回答