google-chrome-extension - Chrome Extension: Refused to load the script because it violates the following Content Security Policy directive: "script-src 'self'

Question

I'm building a Chrome extension and using $.ajax (jsonp) to pull article titles and urls from a json array on a wordpress site.

If I GET from a https site, it works fine, however if I GET from a http site I get the following error.

Refused to load the script because it violates the following Content Security Policy directive: "script-src 'self'

Unfortunately it's not possible in this instance to use HTTPS on this particular site, so how do I allow a none http site in my Content Security Policy in my manifest.json or is it strictly https only?

score 1 · Accepted Answer

根据developer.chrome.com/extensions/contentSecurityPolicy，只能将 HTTPS 站点添加到 CSP，而不是 HTTP。

但是您不应该从 Chrome 扩展程序中执行 JSONP，期间。无法使用我的 Chrome 扩展程序执行 HTTP 请求

google-chrome-extension - Chrome Extension: Refused to load the script because it violates the following Content Security Policy directive: "script-src 'self'

1 回答 1

Related

Reference