Google chrome extension chrome插件的内容安全策略
我正在尝试向Sec政府页面提交简单的XMLHTTPRequestGoogle chrome extension chrome插件的内容安全策略,google-chrome-extension,xmlhttprequest,Google Chrome Extension,Xmlhttprequest,我正在尝试向Sec政府页面提交简单的XMLHTTPRequest Refused to connect to 'https://www.sec.gov/cgi-bin/browse-edgar?CIK=LEL&Find=Search&owner=exclude&action=getcompany&count=100' because it violates the following Content Security Policy directive: "conn
Refused to connect to 'https://www.sec.gov/cgi-bin/browse-edgar?CIK=LEL&Find=Search&owner=exclude&action=getcompany&count=100' because it violates the following Content Security Policy directive: "connect-src *://localhost:3000 https://www.sec.gov/*".
render @ TickerTableInfo.js?420e:36
使用
manifest.json如下所示
{
"version": "0.0.0",
"name": "react-chrome-extension-example",
"manifest_version": 2,
"description": "Example for react-chrome-extension-boilerplate",
"browser_action": {
"default_title": "React Chrome Extension Example",
"default_popup": "popup.html"
},
"icons": {
"16": "img/icon-16.png",
"48": "img/icon-48.png",
"128": "img/icon-128.png"
},
"web_accessible_resources": [
"inject.html"
],
"background": {
"page": "background.html"
},
"permissions": [ "contextMenus", "management", "tabs", "storage", "https://github.com/*", "https://www.sec.gov/*" ],
"content_security_policy": "default-src 'self' https://www.sec.gov/*; script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'; connect-src *://localhost:3000 https://www.sec.gov/*; style-src * 'unsafe-inline' 'self' blob:; img-src 'self' data:;"
}
必须从中删除
/*
"content_security_policy": "default-src 'self' https://www.sec.gov/*; script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'; connect-src *://localhost:3000 https://www.sec.gov/*; style-src * 'unsafe-inline' 'self' blob:; img-src 'self' data:;"
感谢wOxxOm的回答从CSP字符串中删除所有
/*
。