Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using jQuery in overridden new tab, in Chrome Extension, violates Content Security Policy?

Tags:

jquery

google-chrome-extension

I have a chrome extension, where I override the newtab with an html file 'index.html'.
I want to use jQuery on this 'index.html'.
How can I do this ?

Here's my simplified code:

manifest.json

{
    "name": "Test Name",
    "description": "Test Description",
    "version": "0.1",
    "chrome_url_overrides": {
        "newtab": "index.html"
    },
    "manifest_version": 2,
}


index.html

<html>
    <head>
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
        <script src="index.js"></script>
    </head>
    <body>
        <div> Hello World ! </div>
    </body>
</html>


index.js

console.log('Extension loaded successfully ...');
console.log($('div')); // console.log(jQuery('div'));


But I keep getting the following two errors in console.

Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

Extension loaded successfully ...

Uncaught ReferenceError: $ is not defined


UPDATE: 1 I also tried to add content security policy in manifest file, but it doesn't work, and still generating the error:

"content_security_policy": "script-src 'self' https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js 'unsafe-eval'; object-src 'self'",


UPDATE: 2 I also tried to add permissions in manifest file, but it doesn't work too, still same errors:

"permissions": [ "http://*/", "https://*/" ]


How can I solve this ?

like image 863
Ashraf Bashir Avatar asked Apr 23 '15 11:04

Ashraf Bashir

1 Answers

You're using a wrong format for the CSP string. The correct one would be (note the absence of path):

"content_security_policy": "script-src 'self' https://ajax.googleapis.com 'unsafe-eval'; object-src 'self'"

However, it's a better practice to include a local copy of libraries you use in Chrome extensions, and not rely on a CDN.

Imagine your new tab page completely failing to load properly because the connection is not working, or loading slowly because of a poor connection.

like image 52
Xan Avatar answered Oct 04 '22 16:10

Xan
Sign in to Comment

Related questions

jquery .css() not working
Insert four spaces instead of tab
jQuery AJAX request events - done,fail,success
Placeholder opens jQuery UI autocomplete combobox on page load (IE10)
Select all (Ctrl+a) keyboard button not working for input filed inside the HTML5 sortable
Jquery datatable with tri color rows
Convert jquery plugin into directive angular
Trouble with an one page navigation - updating/highlighting active state and scroll to anchor
Typescript cannot find name '$' after importing jquery?
What's the difference between $(document).ready() and just omit it?
how to customize jQuery Password Strength indicator location
How to get IMEI Number in Cordova?
Call by WebApi Delete method using AJAX
How to avoid transparent background using cropping plugin
Best approach for dependent ajax calls in jQuery
jQuery add and remove HTML elements with nested div
jQuery not working on AJAX loaded html content
Getting an ID from a button into a bootstrap modal
check if same value exist in an input box
sorting is not performing in jquery

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!