matejuh
Reputation: 406
Chrome packaged app security policy
I need create RSA signature in my Chrome packaged app written with Backbone.js. But when I use jsrsasign I get:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an
allowed source of script in the following Content Security Policy directive:
"default-src 'self' chrome-extension-resource:". Note that 'script-src' was
not explicitly set, so 'default-src' is used as a fallback.
I tried to set up content_security_policy, but it's not working with packaged apps. So how to workaround this?
The code which causes problems is:
var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA", "prov": "cryptojs/jsrsa"});
And the lib is calling eval:
this.md = eval(KJUR.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[alg]).create();
Upvotes: 0
Views: 174
Answers (1)
rsanchez
Reputation: 14657
At first sight, it seems that you can patch that line in the library with:
this.md = CryptoJS.algo[alg.toUpperCase()].create();
Upvotes: 1
Related Questions
- Chrome extension manifest v3 Content Security Policy
- Chrome app content security policy issue
- Chrome app content security policy
- Chrome extension content security policy and permissions
- Published Chrome Packaged App
- Google Chrome Extension - Content Security Policy
- Google Chrome extension Content Security Policy
- Content Security Policy in Chrome App
- Chrome add-on triggers Content Security Policy violation
- Chrome Packaged App Access Chrome APIs