我需要一些关于如何获取我的 chrome 清单以允许服务器和应用程序之间进行 Google API 对话的扩展的建议。当我直接指向它(而不是作为扩展)时,应用程序加载正常。
但是我的问题是,当我将其作为扩展加载时,出现以下错误:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://apis.google.com/".
该应用程序是为与 Google 的日历 API 交互而构建的。
这是我的 HTML 标头(本地)的样子:
<head>
<link href='reset.css' rel="stylesheet" type="text/css">
<link href='style.css' rel="stylesheet" type="text/css">
<link href='animate-custom.css' rel="stylesheet" type="text/css">
<script type="text/javascript" src="jquery.min.js"></script>
<script src="https://apis.google.com/js/client.js?onload=onClientLoad" type="text/javascript"></script>
<script src="main.js" type="text/javascript"></script>
<script type="text/javascript" src="moment_langs.js"></script>
<title>Dashboard</title>
</head>
这是加载时的样子(**脚本加载 - 猜测 api 调用?):
<link href='reset.css' rel="stylesheet" type="text/css">
<link href='style.css' rel="stylesheet" type="text/css">
<link href='animate-custom.css' rel="stylesheet" type="text/css">
**<script src="https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en.lm_l25KfNhA.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AItRSTM1DJ5OrFPvETO8O24EqSIF_JCoKQ/cb=gapi.loaded_0" async=""></script>**
<script type="text/javascript" src="jquery.min.js"></script>
<script src="https://apis.google.com/js/client.js?onload=handleClientLoad" type="text/javascript"></script>
<script src="main.js" type="text/javascript"></script>
<script type="text/javascript" src="moment_langs.js"></script>
我的清单:
{
"manifest_version": 2,
"name": "My Dashboard",
"version": "1.2",
"content_security_policy": "script-src 'self' https://apis.google.com/; object-src 'self'",
"permissions": [
"webRequest",
"*://*.googleapis.com/*",
"*://*.apis.google.com/*"
],
"chrome_url_overrides" : {
"newtab": "index.html"
}
}