Reputation: 11135
Chrome app content security policy
Errors:
Refused to load the script 'https://ssl.google-analytics.com/ga.js' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
background.html:9 Refused to frame 'https://www.youtube.com/embed/' because it violates the following Content Security Policy directive: "frame-src 'self' data: chrome-extension-resource:".
Solve: To resolve this issue, I tried adding
"content_security_policy": "script-src 'self' 'unsafe-eval'
https://www.youtube.com/ https://ssl.google-analytics.com/; object-src 'self'"
But then I get the warning:
'content_security_policy' is only allowed for extensions and legacy packaged apps, but this is a packaged app.
What should I do?
Upvotes: 0
Views: 1347
Answers (1)
Reputation: 3740
You can't load a script directly from the web. All scripts must be inside the Chrome App's folder. This may require you to download the script and place it into a folder that itself is inside the Chrome App folder.
Upvotes: 2
Related Questions
- Chrome extension fetch API - Content Security Policy
- Chrome app content security policy issue
- Chrome extension content security policy and permissions
- Content Security Policy Chrome App (img-src)
- Refused to execute inline event handler because it violates the following Content Security Policy Error in Chrome App
- Content Security Policy in Chrome App
- How to allow this code within a Chrome Packaged App without violating CSP?
- Issue With Content Security Policy in Chrome Extension
- Chrome add-on triggers Content Security Policy violation
- Chrome packaged app security policy