Reputation: 11
Generating a nonce for a Chrome Web Extension
We are trying to generate a nonce for a chrome web extension so that we can run content scripts within an HTML that communicates with an onscreen popup. We have been hit with security errors when trying to load scripts. We have tried to tried to generate a nonce in the serviceworker.js file, but unsure how to get it to our HTML or mainfest.json. All the resources state that we need a nonce, but we are unsure to connect creating a nonce return function to either the manifest.json or the HTML. Any help would be greatly appreciated. Thanks.
We tried generating in a background script (serviceworker.js) We tried to inject the nonce into a content script found in our HTML file We tried to use a nonce in our manifest json in our content-security-policy
Upvotes: 1
Views: 33
Answers (1)
Reputation: 9090
Sequential time-based nonce:
performance.now() // 26990.200000047684
Date.now() // 1739891888256
Randomized time-based nonce:
performance.now() * Math.random() // 17480.567282680593
performance.now() * Math.random() // 4943.825734329091
performance.now() * Math.random() // 35706.85821822665
Date.now() * Math.random() // 1465475835548.3696
Date.now() * Math.random() // 1597907530898.054
Date.now() * Math.random() // 681621414408.0616
Upvotes: 0
Related Questions
- Enable nonce to laravel official packages
- How to use dynamic nonce in ASP.NET MVC 4 for CSP
- Refused to load the script because it violates the following Content Security Policy directive
- Chrome extension "Refused to evaluate a string as JavaScript because 'unsafe-eval'
- Chrome extension how to include content security policy for chrome-extension://
- Chrome extension Content Security Policy directive error
- Extension refuses to load the script due to Content Security Policy directive
- Chrome extension doesn't work