Chrome Extension “Refused to load the script because it violates the following Content Security Policy directive”
For those who tumble upon the same issue. I had the same and it was resolved after I updated content_security_policy
to include the googleapis url I was trying to load.
My code:
<head>
...
<script src="https://maps.googleapis.com/maps/api/js?key=API_KEY;libraries=places"></script>
</head>
Needed
{
"content_security_policy": "script-src 'self' 'unsafe-eval' https://maps.googleapis.com 'unsafe-inline'; object-src 'self'",
}
Imran Jony
Updated on June 18, 2022Comments
-
Imran Jony almost 2 years
i try to encrypt user data by cryptojs library and send to server by ajax but the console shows the error:
Refused to load the script 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js' because it violates the following Content Security Policy directive: "script-src 'self' https://apis.google.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
my manifest code contains :
"content_security_policy": "script-src 'self' https://apis.google.com 'unsafe-eval'; object-src 'self'"
how to solve this problem?