0

我正在创建一个使用谷歌地球的谷歌浏览器扩展。

我在清单中添加了以下内容:

{
  "name": "Calculator",
  "description": "A simple calculator.",
  "manifest_version": 2,
  "minimum_chrome_version": "23",
  "version": "1.3.2",
  "app": {"background": {"scripts": ["model.js", "view.js", "controller.js"]}},
  "icons": {
    "16": "images/icon-16x16.png",
    "128": "images/icon-128x128.png"
  },

  "content_security_policy": "script-src 'self' https://www.google.com/jsapi; https://www.google.com/uds/?file=earth&v=1; https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js; object-src 'self'",


      "permissions": [
          "storage",
          "https://*.google.com/"
        ]     
    }

即使如此,当我运行我的扩展程序时,我仍然收到以下错误:

Refused to load the script 'https://www.google.com/jsapi' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the script 'https://www.google.com/uds/?file=earth&v=1' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the script 'https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
4

1 回答 1

2

CSP 中的 URL 应该用空格而不是分号分隔。分号用于分隔指令。

参见https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#syntax-and-algorithms

 A CSP policy consists of a U+003B SEMICOLON (;) delimited list of directives:
     policy = [ directive *( ";" [ directive ] ) ]

因此,您的 CSP 应为:

"content_security_policy": "script-src 'self' https://www.google.com/jsapi https://www.google.com/uds/?file=earth&v=1 https://www.google.com/uds/api/earth/1.0/109c7b2bae7fe6cc34ea875176165d81/default.I.js; object-src 'self'"
于 2013-08-25T16:06:27.290 回答