我的 Chrome 应用具有以下 list :
{
"name": ",
"version": "1.0.3",
"manifest_version": 2,
"description": "Chrome Extension for.",
"icons": {
"16": "images/test.png",
"19": "images/test.png",
"256": "images/test.png"
},
"app": {
"background": {
"scripts": [
"background.js"
]
}
},
"sandbox": {
"js": [
"lib/test-api.js"
]
},
"permissions": [
"<all_urls>",
"notifications",
"storage",
"videoCapture"
]
}
我有一个运行eval
的脚本文件。我读过 CSP和沙盒,但我仍然收到此错误:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
最佳答案
您是否尝试过根据您的 CSP 将 CSP 行添加到您的 list 中?链接?
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
关于javascript - Chrome 应用中的内容安全政策,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21130400/