'Chrome Extension: Refused to load the script, because it violates the following Content Security Policy directive: "script-src 'self'"
I'm trying to add a game to Chrome Web Store as an extension, but I'm having some problems with it. The game is made in Unity3D.
The Error:
Refused to load the script 'blob:chrome-extension://laacabdjcfgafjkeclplanjohdbpapgn/88f06275-2339-4218-a7c4-ab954cbaafdc' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
The code where the error is triggered:
function f() {
return d("frameworkUrl").then(function(e) {
var t = URL.createObjectURL(new Blob([e], {
type: "application/javascript"
}));
return new Promise(function(e, n) {
var r = document.createElement("script");
r.src = t, r.onload = function() {
var n = unityFramework;
unityFramework = null, r.onload = null, URL.revokeObjectURL(t), e(n)
}, document.body.appendChild(r), c.deinitializers.push(function() {
document.body.removeChild(r)
})
})
})
}
The exact line:
}, document.body.appendChild(r), c.deinitializers.push(function() {
The extension is using Manifest Version 3. No external scripts/resources are being used. I'm trying for some days to solve this, but I couldn't make it.
Has anybody tried something like this and could help me? Or maybe you have an idea... I'm open to it.
Thanks! :)
Solution 1:[1]
Your code try to add external script t
to the extension page.
It is conceptually prohibited in manifest V3 for security reason.
Actually, CSP directive script-src 'self'
prohibits that.
https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#content-security-policy
You cannot execute external code also in content script.
https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#executing-arbitrary-strings
If you want to execute external code, you can execute it in sandbox page.
https://developer.chrome.com/docs/extensions/mv3/manifest/sandbox/
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | hashed tomato |