Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work

Tags:

json

javascript

google-chrome

firebase

google-chrome-extension

I made a Chrome Extension and used Firebase to collect data into a database. It worked fine for some time, but it seems there were some changes to Chrome. Now I get the following error in the javascript console when using Inspect Element on my Extension:

Refused to load the script 'https://(myID).firebaseio.com/(otherprivatedata)' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

This script is written at firebase.js:171, it's not script that I added.

I attempted to follow this guide and add the "content_security_policy" tag to my manifest.json as instructed: https://github.com/firebase/firebase-chrome-extension

I added the following line to my manifest.json as instructed:

"content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"

However when I add this line, I now get an error when trying to load my script in chrome://extensions

Error Loading Extension

Failed to load extension from: ~\XXX\my_ext

Manifest is not valid JSON. Line: 14, column: 5, Syntax error.

And it highlights the line I just added above (content_security_policy). What am I doing wrong? It seems anything after "content_security_policy" is completely refused by Chrome.

Even when I try the sample code from Google, it doesn't work. developer.chrome.com/extensions/contentSecurityPolicy

"content_security_policy": "script-src 'self' https://example.com; object-src 'self'"

How can I set the content_security_policy in order for Firebase to work in an Extension?

(My firebase.jp is already downloaded and packaged in with my Extension since Chrome won't let me call it as remote.)

like image 267
fohx Avatar asked Jun 17 '15 10:06

fohx

1 Answers

Yep, thanks rsanchez... totally forgot a comma...

...   
  "options_page": "option.html",
  "manifest_version": 2, <- THIS COMMA
  "content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'"
}

Works now, thanks for your help!

like image 81
fohx Avatar answered Nov 03 '22 09:11

fohx
Sign in to Comment

Related questions

Div Square, width size based on 100% height
Returning from a parent function from inside a child function - Javascript
Strange behaviour in JSON.stringify with replacer function
When are JavaScript Blob objects garbage collected?
How to retrieve LayerPoint (X, Y) from Latitude and Longitude coordinates using Leaflet API
Which is the load, rendering and execution order of elements in a HTML page?
How to declare array of specific type in javascript
Set an item from localStorage in a protractor test
Why does calling focus() break my CSS transition?
AngularJS $http call in a Service, return resolved data, not promises
Allow Moment.js dates in bootstrap-ui datepicker
IE 11 DispatchEvent
Ion-slide-box with different slide heights
Intercept and modify DOM before page is displayed to user
How can I quickly find the relatively positioned HTML parent element of an absolutely positioned child?
Change Background color of Active list item in bootstrap
How to draw a linear gradient circle by svg? [duplicate]
Thinking in JavaScript promises (Bluebird in this case)
How do I enable the chrome browser to allow local cookies? --enable-file-cookies
Javascript / jQuery: How to dynamically add rows to table body (using arrays)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!