我遇到一个错误,无法访问chrome扩展中的在线库。我已经在content_security_policy清单密钥中指定允许来自unpkg.com的任何资源通过,但我仍然收到以下错误:
Refused to load the script 'https://unpkg.com/react@16/umd/react.development.js' because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
我知道在这个问题上还有很多其他的stackoverflow帖子,但我没有发现一个有效的。
铬扩展
HTML
<script src="https://unpkg.com/react@16/umd/react.development.js"></script>
<script src="https://unpkg.com/react-dom@16/umd/react-dom.development.js"></script>
歧管
{
"name": "synthetic-derivatives-interface",
"version": "1.0",
"description": "synthetic derivatives interface",
"permissions": ["storage","declarativeContent"],
"background": {
"scripts": ["background.js"],
"persistent": false
},
"page_action": {
"default_popup": "popup.html"
},
"manifest_version": 2,
"content_security_policy": "script-src 'self' https://unpkg.com; object-src 'self'"
}
为什么会发生这种情况?
我很确定问题是CSP中引用的每个链接都需要列出完整的URL,而不仅仅是https://example.com部分