dylst

Reputation: 689

Chrome Plugin and Content Security Policy errors

When uploading my unpacked Chrome extension, I get the following error:

Could not load extension from '/Users/me/example'. Invalid value for 'content_security_policy': Both 'script-src' and 'object-src' directives must be specified (either explicitly, or implicitly via 'default-src'), and both must whitelist only secure resources. You may include any of the following sources: "'self'", "'unsafe-eval'", "http://127.0.0.1", "http://localhost", or any "https://" or "chrome-extension://" origin. For more information, see http://developer.chrome.com/extensions/contentSecurityPolicy.html

My manifest looks like the following:

{
  "name": "Example Inc.",
  "manifest_version" : 2,
  "version": "0.4.4",
  "content_scripts": [
    {
      "matches": [
        "*://*.example.cc/*"
      ],
      "js": [
        "production/jquery.libs.min.js",
        "https://example.cc/js/example.js"
      ],
      "run_at": "document_end"
    }
  ],
  "permissions": [
    "*://*.example.cc/*",
    "tabs",
    "activeTab",
    "contextMenus",
    "storage",
    "management",
    "cookies"
  ],
  "content_security_policy": "script-src 'self' https://ssl.google-analytics.com/ga.js https://example.cc/js/*; object-src 'self'"
}

From all the examples I've seen, and after reading through some of the CSP docs, I'm not sure what I'm missing. Our domain is fully https, the example.js file exists and is accessible, etc.

Any ideas are welcome!

Upvotes: 1

Views: 6299

Answers (2)

R...

Reputation: 2570

If you are only using your code, set it to self only, e.g.:

"content_security_policy": "script-src 'self'; default-src 'self'",

Upvotes: 1

Aminadav Glickshtein

Reputation: 24590

You should do:

"content_security_policy": "script-src 'self' https://ssl.google-analytics.com/ga.js https://example.cc; object-src 'self'"

Upvotes: 0
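
Added example (not part of either answer, and not Chrome's own validator): a small linter that checks a content_security_policy string against the rules quoted in the error message above, run here on the policy from the question. The function names are hypothetical, accepting 'none' is an assumption, and the path check reflects standard CSP source matching, in which a "*" inside a path is not a wildcard.

```javascript
// Approximates the rules quoted in the error message; not Chrome's validator.
// 'none' is not in the quoted list; it matches nothing, so it is accepted here.
const KEYWORDS = new Set(["'self'", "'unsafe-eval'", "'none'"]);
const SECURE_PREFIXES = ["https://", "chrome-extension://"];
const LOCAL_ORIGIN = /^http:\/\/(127\.0\.0\.1|localhost)(:\d+)?(\/.*)?$/;

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per CSP, a repeated directive is ignored; the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Returns null when the source is acceptable, otherwise a reason string.
function checkSource(source) {
  const s = source.toLowerCase();
  if (KEYWORDS.has(s) || LOCAL_ORIGIN.test(s)) return null;
  const prefix = SECURE_PREFIXES.find((p) => s.startsWith(p));
  if (!prefix) return "not in the allowed source list";
  const rest = source.slice(prefix.length);
  const slash = rest.indexOf("/");
  const host = slash === -1 ? rest : rest.slice(0, slash);
  const path = slash === -1 ? "" : rest.slice(slash);
  if (!host) return "missing host";
  if (path.includes("*")) return "'*' in a path is matched literally, not as a wildcard";
  return null;
}

function lintExtensionCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const name of ["script-src", "object-src"]) {
    // Both directives may be given implicitly via default-src.
    const sources = directives.get(name) || directives.get("default-src");
    if (!sources) findings.push(`${name}: not specified (and no default-src)`);
    for (const src of sources || []) {
      const problem = checkSource(src);
      if (problem) findings.push(`${name}: ${src}: ${problem}`);
    }
  }
  return findings;
}

// The policy from the question's manifest.
const QUESTION_POLICY = "script-src 'self' https://ssl.google-analytics.com/ga.js https://example.cc/js/*; object-src 'self'";
console.log(lintExtensionCsp(QUESTION_POLICY));
```

An empty result means the policy passed these checks only; loading the unpacked extension in Chrome remains the authoritative test.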
