Menu
I'm developing a chrome extension using Kango framework, and I waned to use both Google Analytics and facebook SDK. I edited the manifest file to include the follwoign
"content_security_policy": "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net; object-src 'self'; default-src 'self' 'unsafe-eval' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; style-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; frame-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com"
But it doesn't work! and I'm getting the following error
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net".
573
Analytics users can download it from the Chrome web store. After you install the extension for your Chrome browser, you can load a page that you are tracking with Analytics and see the following information: Metrics: Pageviews, Unique Pageviews, Avg. Time on Page, Bounce Rate, % Exit.
Once you have successfully installed the extension, an extension icon will appear in your chrome menu. Now, in order to view the inpage analytics, open the site or page you want to track and click the page analytics extension icon to enable it.
Change the script-src directive to have 'unsafe-eval' at the end.
script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net 'unsafe-eval';
Note that this will lower the security of your extension as random strings of JavaScript can be executed.
71
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
