我正在尝试在 chrome 扩展中使用 dropbox api,但控制台显示
Refused to load the script 'https://www.dropbox.com/static/api/1/dropins.js' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:"
如何解决这个问题?
我把 “权限”:[ “https://www.dropbox.com” ]
但是还是不行
最佳答案
如果您需要从外部域加载脚本,您的扩展程序必须
- 在权限中包含外部脚本的域
- 它必须是 https 资源
我发现您已经加载了 https:
,因此只需将 https://www.dropbox.com
添加到您的权限中就可以解决此问题。
权限应如下所示:
"content_security_policy": "script-src 'self' https://www.dropbox.com; object-src 'self'"
从Content Security Policy Documentation阅读此内容
If you have a need for some external JavaScript or object resources, you can relax the policy to a limited extent by whitelisting secure origins from which scripts should be accepted. We want to ensure that executable resources loaded with an extension's elevated permissions are exactly the resources you expect, and haven't been replaced by an active network attacker
关于javascript - 将 Dropbox API 脚本加载到 Chrome 扩展程序时出错,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20416198/