Reputation: 187
Chrome app content security policy issue
I'm trying to build a chrome app that embeds Youtube content but facing this error while using some scripts : "Refused to load the script 'https://www.youtube.com/iframe_api' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback."
I've followed the documentation as long i tried to look around the web and found out i needed to loosen the CSP. Here is my manifest.json
{
...
"permissions": ["https://*.youtube.com"],
"content_security_policy": "script-src 'self' https://*.youtube.com; object-src 'self'"
}
but i still have the same error. What am i doing wrong?
Upvotes: 0
Views: 519
Answers (1)
Reputation: 77523
You cannot override CSP for apps. The reference you found was for extensions.
Your options are limited to <webview> embedding and sandboxing.
Upvotes: 3
Related Questions
- Chrome Extension Content Security Policy not Allowing Resources
- Chrome app content security policy
- Content Security Policy Chrome App (img-src)
- Refused to execute inline event handler because it violates the following Content Security Policy Error in Chrome App
- Content Security Policy in Chrome App
- Issue With Content Security Policy in Chrome Extension
- Chrome add-on triggers Content Security Policy violation
- Chrome packaged app security policy
- chrome is not recognizing my content_security_policy string in my chrome extension
- Content-Security-Policy error?