6

我正在使用 Kango 框架开发一个 chrome 扩展,我想同时使用 Google Analytics 和 facebook SDK。我编辑了清单文件以包含以下内容

"content_security_policy": "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net; object-src 'self'; default-src 'self' 'unsafe-eval' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; style-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; frame-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com"

但它不起作用!我收到以下错误

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net".
4

1 回答 1

3

script-src将指令更改'unsafe-eval'为最后。

script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net 'unsafe-eval';

请注意,这会降低扩展程序的安全性,因为可以执行随机的 JavaScript 字符串。

于 2013-12-18T01:25:29.397 回答