Google Chrome extension: Content Security Policy problem in a Chrome extension


This is my Chrome extension:

"permissions": [
"storage",
"https://app.socialschools.nl/*",
"http://*.google.com/", // Refer to http://goo.gl/CPeqK http://goo.gl/U3Vev
"bookmarks", // http://code.google.com/chrome/extensions/bookmarks.html
"chrome://favicon/",
"clipboardRead", // document.execCommand('paste').
"clipboardWrite", // document.execCommand('copy' OR 'cut')
"contextMenus", // http://code.google.com/chrome/extensions/contextMenus.html
"cookies", // http://code.google.com/chrome/extensions/cookies.html
// "experimental", // http://code.google.com/chrome/extensions/dev/experimental.html
"fileBrowserHandler", // http://goo.gl/GqbrP
"geolocation", // http://dev.w3.org/geo/api/spec-source.html
"history", // http://code.google.com/chrome/extensions/history.html
"idle", // http://code.google.com/chrome/extensions/idle.html
"management", // http://code.google.com/chrome/extensions/management.html
"notifications", // code.google.com/chrome/extensions/notifications.html
"tabs", // http://code.google.com/chrome/extensions/tabs.html +windows.html
"tts", // http://code.google.com/chrome/extensions/tts.html
"ttsEngine", // http://code.google.com/chrome/extensions/ttsEngine.html
"unlimitedStorage"
],

"content_security_policy":"script-src 'unsafe-eval' https://apps.socialschools.nl/;object-src 'self';connect-src https://app.socialschools.nl/",
I have added the API URL () to script-src, permissions and connect-src. However, I still get this error:

Refused to load the script 'https://app.socialschools.nl/apiv1/public/924/post/?callback=jQuery16200253…109_1398087409246&only_descendants=false&number_of_items=5&_=1398087409299' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' https://apps.socialschools.nl/".
I don't seem to understand what I am missing here. Can anyone help me solve this problem?

Thanks in advance.

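I found out that the API does not support HTTPS yet, and the CSP script-src requires HTTPS for external sources. So there is a problem with the content security policy.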

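You have put "apps" instead of "app". The site is hosted on Heroku, so you could try using https://socialschools-production.herokuapp.com/apiv1/public/924/post/ instead.

Thanks for the suggestion! But since it is bound to a domain (app.socialschools.nl), it gives me an internal server error.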
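The host mismatch pointed out in the answer above, as an added example that is not part of the original thread: a simplified CSP host-source matcher run over the policy string from the question. The function names and the `callback=cb` query value are constructed for illustration, and the matching covers only scheme, host, port and path prefix, not the full CSP algorithm.

```javascript
// Added example: simplified CSP source-list check (not the browser's full algorithm).
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

function sourceMatches(source, url) {
  if (source.startsWith("'")) return false; // 'self', 'unsafe-eval', nonces: not host-sources
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  const target = new URL(url);
  if (scheme && scheme.toLowerCase() + ':' !== target.protocol) return false;
  const h = host.toLowerCase();
  const hostOk = h.startsWith('*.')
    ? target.hostname.endsWith(h.slice(1)) // "*.example.com" covers subdomains only
    : target.hostname === h;               // otherwise the host must be identical
  if (!hostOk) return false;
  const targetPort = target.port || DEFAULT_PORTS[target.protocol];
  if (port ? (port !== '*' && port !== targetPort) : target.port !== '') return false;
  if (path) {
    const ok = path.endsWith('/') ? target.pathname.startsWith(path) : target.pathname === path;
    if (!ok) return false;
  }
  return true;
}

function explain(policy, directive, url) {
  const sources = parsePolicy(policy)[directive] || [];
  const allowedBy = sources.filter((s) => sourceMatches(s, url));
  return { allowed: allowedBy.length > 0, allowedBy, sources };
}

// Policy string as posted in the question; the callback value is constructed.
const PAGE_POLICY = "script-src 'unsafe-eval' https://apps.socialschools.nl/;" +
  "object-src 'self';connect-src https://app.socialschools.nl/";
const JSONP_URL = 'https://app.socialschools.nl/apiv1/public/924/post/?callback=cb';

// The JSONP request is loaded as a script, so script-src is the directive that decides.
console.log('script-src :', explain(PAGE_POLICY, 'script-src', JSONP_URL).allowed);
console.log('connect-src:', explain(PAGE_POLICY, 'connect-src', JSONP_URL).allowed);
```

The connect-src entry matches the API host, but the request is evaluated against script-src, where only the "apps" host is listed.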