I am getting content security error in my chrome extension


Pankaj Borad

Oct 11, 2023, 12:16:55 AM
to Chromium Extensions
Hi,
I am creating a Chrome extension in Next.js.
I have added login with social media functionality, but when I click on login with Google, Facebook,
it says something like below:
Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.



Here is my manifest file:

{
  "manifest_version": 3,
  "name": "Spacedial Extension",
  "description": "Spacedial extension",
  "version": "1.0",
  "icons": {
    "16": "icons/16.png",
    "32": "icons/32.png",
    "64": "icons/48.png",
    "128": "icons/128.png"
  },
  "permissions": [
    "activeTab",
    "scripting",
    "tabs",
    "cookies",
    "geolocation",
    "identity",
    "identity.email"
  ],
  "oauth2": {
    "scopes": [
      "profile email"
    ]
  },
  "host_permissions": [
    "*://*/*"
  ],
  "action": {
    "default_icon": {
      "16": "/icons/16.png",
      "32": "/icons/32.png",
      "48": "/icons/48.png",
      "128": "/icons/128.png"
    }
  },
  "content_scripts": [{
    "matches": ["<all_urls>", "http://*/*", "https://*/*"],
    "js": ["popup.js"],
    "css": [],
    "run_at": "document_end",
    "all_frames": true
  }],
  "background": {
    "service_worker": "background.js"
  },
  "web_accessible_resources": [
    {
      "resources": ["index.html", "popup.css"],
      "matches": ["<all_urls>"]
    }
  ],
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'; script-src-elem 'self' 'unsafe-inline' https://apis.google.com"
  }
}

Patrick Kettner

Oct 23, 2023, 9:11:30 AM
to Pankaj Borad, Chromium Extensions
Hi Pankaj,
Looking at your extension, the login buttons have a javascript url as their href (i.e. href="javascript:;"). This is what is causing the violation. Since your event listeners are on click handlers, and you aren't using the linking part of the anchor tag, you can change this to a button or even just a span or div and it would still work without the error.
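
The fix described in the reply above, as an added example that is not part of the original thread: a JavaScript check that flags javascript: URLs, inline event handlers and inline script bodies in an extension page's built HTML, plus a rewrite of javascript: anchors into buttons. SAMPLE_MARKUP, the element ids and the function names are constructed for illustration.

```javascript
// Constructed sample markup for this example (not the poster's real page).
const SAMPLE_MARKUP = `
<div class="login">
  <a href="javascript:;" id="google-login">Login with Google</a>
  <a href="JavaScript:void(0)" id="facebook-login">Login with Facebook</a>
  <button type="button" id="email-login">Login with email</button>
  <span onclick="doLogin()">Legacy login</span>
  <script src="popup.js"></script>
  <script>console.log("inline")</script>
  <a href="https://example.com/help">Help</a>
</div>`;

// Constructs the CSP in the error above refuses to run:
// javascript: URLs, inline event handlers, inline <script> bodies.
const RULES = [
  { id: "javascript-url",
    re: /<[a-z][^>]*\s(?:href|src|action|formaction)\s*=\s*["']?\s*javascript:/i },
  { id: "inline-event-handler", re: /<[a-z][^>]*\son[a-z]+\s*=/i },
  { id: "inline-script", re: /<script(?![^>]*\ssrc\s*=)[^>]*>\s*[^<\s]/i },
];

// Line-based scan: returns one finding per rule hit on each line. Tags split
// across several lines are not matched, so format the HTML one tag per line first.
function findCspViolations(markup) {
  const findings = [];
  markup.split("\n").forEach((text, i) => {
    for (const { id, re } of RULES) {
      if (re.test(text)) findings.push({ line: i + 1, rule: id, text: text.trim() });
    }
  });
  return findings;
}

// The fix suggested in the reply: an anchor used only as a click target becomes
// a <button>, keeping its other attributes (id, class) so listeners still bind.
function replaceJavascriptAnchors(markup) {
  const re = /<a(?=\s)([^>]*?)\shref\s*=\s*(["'])\s*javascript:[^"']*\2([^>]*)>([\s\S]*?)<\/a>/gi;
  return markup.replace(re, (_m, pre, _q, post, body) =>
    `<button type="button"${pre}${post}>${body}</button>`);
}

const before = findCspViolations(SAMPLE_MARKUP);
const after = findCspViolations(replaceJavascriptAnchors(SAMPLE_MARKUP));
console.log(before.map((f) => `${f.line}: ${f.rule}`));
console.log(after.map((f) => `${f.line}: ${f.rule}`));
```

The scan is meant for the HTML that ends up in the packaged extension, not for JSX source, where an onClick prop is not an inline handler attribute.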
