Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’”
在开放谷歌插件的时候,使用了iframe嵌入网页,在修改了一系列问题后,出现了新的问题,插件报错
Refused to load the script ‘https://xxxxxxxxxxx’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.
找了很多文档与博客,最后发现解决办法是修改manifest.json里的content_security_policy属性配置。
之前我的配置是
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
将其修改为
"content_security_policy": "script-src 'self' 'unsafe-eval' https://xxxxx.com; object-src 'self'",
这里的https://xxxxx.com改为报错信息中的地址域名就行。
然后再执行下插件就会发现,他不报错了。