ArturSkowronski

Reputation: 1792

How to use Google Endpoints from Chrome Extension

I am trying to connect to my localhost-served Google Endpoints API from a Chrome extension. I managed to OAuth to Google Contact API another way than through their JS client, but using https://apis.google.com/js/client.js?onload=loadF never calls the callback function. When I tried to call it manually, I got an error in the console: Refused to execute inline event handler because it violates the following Content Security Policy directive . It seems that the background worker does not have enough permission to load the API, but there is no info about it in the console.

My JS Code

var apiRoot='//localhost:8080/_ah/api';

var loadF = function() {
  console.log("api init");
  gapi.client.load('my_api', 'v1', function(){
    console.log("callback");
  }, apiRoot);
};

My Manifest:

{
  "name": "Linkeer",
  "version": "1.0",
  "description": "Linkeer ",
  "manifest_version": 2,
  "icons": {
    "128": "icon128.png"
  },
  "browser_action": {
    "default_title": "OAuth 2.0",
    "default_icon": "icon128.png",
    "default_popup": "options.html"
  },
  "options_page": "options.html",
  "content_scripts": [
    {
      "matches": ["http://www.google.com/robots.txt*"],
      "js": ["oauth2/oauth2_inject.js"],
      "run_at": "document_start"
    }
  ],
  "permissions": [
    "https://accounts.google.com/o/oauth2/token",
    "http://localhost:8080/_ah/api"
  ],
  "web_accessible_resources" : [
    "oauth2/oauth2.html"
  ],
  "content_security_policy": "script-src 'self' http://localhost https://apis.google.com https://www.googleapis.com; object-src 'self'"

}

Upvotes: 1

Views: 907

Answers (3)

Scarygami

Reputation: 15569

For authentication I would suggest using the Chrome Identity API, which allows a much cleaner and easier implementation than the OAuth2 for Extensions library you are using at the moment.

I haven't found a good way to get the JS client library working inside of a Chrome extension yet (haven't tried in a while though). There's an open feature request for that though.

Directly creating the API requests as XMLHttpRequest should be easy enough though without using the library.

Upvotes: 3
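
The approach suggested in the answer above (a token from the Chrome Identity API, then a direct XMLHttpRequest to the Endpoints REST URL), as an added example that is not part of the original answer. It assumes the manifest declares the "identity" permission and an "oauth2" section whose client ID the API accepts; the `items` method path is hypothetical, and the API root carries an explicit `http://` scheme because a protocol-relative URL on an extension page would inherit the `chrome-extension:` scheme.

```javascript
// Added example, not from the original answer. API root, 'my_api' and 'v1' come
// from the question; the 'items' method path is hypothetical.
var API_ROOT = 'http://localhost:8080/_ah/api';

// Pure request builder: <root>/<api>/<version>/<method path>.
function buildRequest(token, httpMethod, path, body) {
  if (!token) throw new Error('missing OAuth token');
  var segments = String(path).split('/').filter(Boolean).map(encodeURIComponent);
  var req = {
    method: httpMethod,
    url: [API_ROOT, 'my_api', 'v1'].concat(segments).join('/'),
    headers: { Authorization: 'Bearer ' + token }
  };
  if (body !== undefined) {
    req.headers['Content-Type'] = 'application/json';
    req.body = JSON.stringify(body);
  }
  return req;
}

// Token from the Chrome Identity API; chromeApi is the global `chrome` object.
function getToken(chromeApi, interactive) {
  return new Promise(function (resolve, reject) {
    chromeApi.identity.getAuthToken({ interactive: interactive }, function (token) {
      var err = chromeApi.runtime.lastError;
      if (err || !token) reject(new Error('no token: ' + (err ? err.message : 'denied')));
      else resolve(token);
    });
  });
}

// Send with a plain XMLHttpRequest. No remote script is loaded, so the
// extension's script-src policy can stay at 'self'.
function send(req, XHR) {
  return new Promise(function (resolve, reject) {
    var xhr = new XHR();
    xhr.open(req.method, req.url);
    Object.keys(req.headers).forEach(function (n) { xhr.setRequestHeader(n, req.headers[n]); });
    xhr.onload = function () {
      if (xhr.status < 200 || xhr.status >= 300) return reject(new Error('HTTP ' + xhr.status));
      resolve(xhr.responseText ? JSON.parse(xhr.responseText) : null);
    };
    xhr.onerror = function () { reject(new Error('network error')); };
    xhr.send(req.body);
  });
}

// Usage: getToken(chrome, true).then(function (t) { return send(buildRequest(t, 'GET', 'items'), XMLHttpRequest); });
```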

Dan Holevoet

Reputation: 9183

Today, I don't believe it's possible. There are at least two issues:

  • Security policies for script inclusion are a significant blocker.
  • For applications that use OAuth, the callbacks in the OAuth flow have never seemed to work properly. The popup appears, but never passes credentials back to the extension.

Upvotes: 1

abraham

Reputation: 47893

You will probably have to update your CSP with 'unsafe-inline', which does reduce security but is probably required by the Google JS.

"script-src 'self' http://localhost https://apis.google.com https://www.googleapis.com 'unsafe-inline'; object-src 'self'"

Upvotes: 1
