Menu
I'm trying to build a page action extension and need to load an external JavaScript library from the popup (it needs to come from the external domain so that the correct cookies are sent).
However I get this error message:
Refused to load script from 'http://api.flattr.com/js/0.6/load.js?mode=auto' because of Content-Security-Policy.
Is there any way around this?
857
To include an external JavaScript file, we can use the script tag with the attribute src . You've already used the src attribute when using images. The value for the src attribute should be the path to your JavaScript file. This script tag should be included between the <head> tags in your HTML document.
External JavaScript External scripts are practical when the same code is used in many different web pages. JavaScript files have the file extension .js.
Using scripts via plain HTTP is no longer allowed for security reasons. See this issue.
From linked page:
Yeah, we're no longer allowing insecure scripts in extensions. If you load a script over HTTP, an active network attacker can inject script into your extension, which is a security vulnerability.
One suggested solution is to link the scripts via HTTPS where possible. Another one is to include the script with the plugin itself.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
