how to fix 'Chrome Content Security Policy Directive' in chrome extension
我正在制作一个Chrome扩展程序,该扩展程序使用JQuery通过ajax调用来访问Wikipedia的API。我已经在扩展的本地js文件夹中包含了JQuery的副本。在弹出窗口中,我输入了一个值,然后在popup.js中获取该值并执行get请求,并且我收到了"拒绝加载脚本,因为它违反了以下内容安全策略指令:" script-src'self'blob":文件系统:chrome-extension-resource:"。请注意,未明确设置" script-src-elem",因此将" script-src"用作后备。"
我在
"tabs",
"webNavigation",
"webRequest",
"",
"https://en.wikipedia.org/*"
],
我看到添加
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | $('#urlCopyButton').click(function search() { var searchWord = document.querySelector('#searchWord').value; console.log(searchWord); var results = []; $.ajax({ crossDomain: true, header: 'Access-Control-Allow-Origin', url:`https://en.wikipedia.org/w/api.php?action=opensearch&format=json&maxlag=5&search=${searchWord}&callback=?`, type: 'GET', dataType: 'json', beforeSend: function(xhr){xhr.setRequestHeader('https://en.wikipedia.org', 'https://en.wikipedia.org');}, success: (data) => { $("#output").html(""); var i =0; for (var i = 0; i < data[1].length; i++) { $("#output").append(` <li> ${data[1][i] +"" + data[2][i]} </li> `); } console.log(data); }, error: (err) =>{ console.log(err.responseJSON); } }) |
})
我希望它会成功,并且控制台中的数据会增加,但不是这样会引发此错误:
拒绝加载脚本'https://en.wikipedia.org/w/api.php?action=opensearch&format=json&maxlag=5&search=dfa&callback=jQuery33108394586597597996985_1549655186216&_=1549655186217',因为它违反了以下内容安全策略指令:" script-src"自我" blob:文件系统:chrome-extension-resource:"。请注意,未明确设置" script-src-elem",因此将" script-src"用作后备。
发送@ jquery.js:2"
Wikipedia的
只需删除
无需进行与标头或
1 2 3 4 5 6 7 8 9 | $.ajax({ url: 'https://en.wikipedia.org/w/api.php?' + 'action=opensearch&format=json&maxlag=5&search=' + encodeURIComponent(searchWord), success(data) { // ............... // data is an object/array, you can process it directly here // ............... }, }); |
manifest.json应该允许URL:
-
"permissions": ["https://*.wikipedia.org/"] -
"permissions": [""]