题意:Google Maps API 脚本因内容安全策略未能加载。
问题背景:
I am making a google chrome extension where I want to use google maps. The problem is that when I run my script then it gives me this error
翻译:我正在制作一个 Google Chrome 扩展程序,我想使用 Google 地图。问题是当我运行我的脚本时,它给了我这个错误。
Refused to load script from 'https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXXXX&sensor=false' because of Content-Security-Policy.
Here is my manifest file
这是我的清单文件。
{
"name": "Name",
"version": "1.0",
"manifest_version": 2,
"background": {
"scripts": [
"js/script.js"
]
},
"description": "Desc",
"browser_action": {
"default_icon": "images/icon.png",
"default_title": "Title",
"default_popup": "html/popup.html"
},
"permissions": [
"http://*/",
"http://*.google.com/",
"http://localhost/*"
],
"content_security_policy": "script-src 'self' http://google.com; object-src 'self'"
}
And I am adding my scripts like this
我这样添加我的脚本。
<script src="../js/libs/jquery.js"></script>
<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXX&sensor=false"></script>
<script src="../js/plugins/easing.js"></script>
<script src="../js/script.js"></script>
Why am I getting that error again and again? Please help...
我为什么会一次又一次地收到那个错误?请帮帮我……
Update one
I added these two permissions to manifest file but still not working
我在清单文件中添加了这两个权限,但仍然无法正常工作。
"https://maps.google.com/*",
"https://maps.googleapis.com/*",
Update two
I also used this sort of content_security_policy
我还使用了这种类型的内容安全策略。
"content_security_policy": "default-src 'none'; style-src 'self'; script-src 'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com"
But above doesnt work for me either
但上述方法对我也不管用。
问题解决:
I think the problem here is that you have not correctly set the content security policy for Google Maps URL. You should change your "content_security_policy" in manifest file to something like this:
我认为这里的问题是您没有正确设置Google Maps URL的内容安全策略。您应该将清单文件中的“content_security_policy”更改为如下内容:
"content_security_policy": "script-src 'self' https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'"
This simply means that you are allowing to run script from the self/current page, and from the "https://maps.googleapis.com".
这意味着您允许从自身/当前页面和“https://maps.googleapis.com”运行脚本。
Try this, and see if it helps..
试试看,看看是否有帮助。