Chrome Extension “Refused to load the script because it violates the following Content Security Policy directive”

javascript google-chrome google-chrome-extension content-security-policy cryptojs

15,066

For those who tumble upon the same issue. I had the same and it was resolved after I updated content_security_policy to include the googleapis url I was trying to load.

My code:

<head>
...
<script src="https://maps.googleapis.com/maps/api/js?key=API_KEY;libraries=places"></script>
</head>

Needed

{
  "content_security_policy": "script-src 'self' 'unsafe-eval' https://maps.googleapis.com 'unsafe-inline'; object-src 'self'",
}

15,066

Author by

Imran Jony

Updated on June 18, 2022

Comments

Imran Jony almost 2 years

i try to encrypt user data by cryptojs library and send to server by ajax but the console shows the error:

Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js' because it violates the following Content Security Policy directive: "script-src 'self' https://apis.google.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

my manifest code contains :

"content_security_policy": "script-src 'self' https://apis.google.com 'unsafe-eval'; object-src 'self'"

how to solve this problem?