Re: [crx] Socket.io and Chrome Extension
1,890 views
Skip to first unread message
Joe Marini
Oct 17, 2012, 3:35:32 PM10/17/12
to Morgan Fromentin, Chromium-extensions
You need to add the origin of the script source that you're loading to your CSP declaration.
--
Joe Marini
Is there any way you can just include the socket.io.js file locally in your extension?
On Tue, Oct 16, 2012 at 5:07 AM, Morgan Fromentin <morgan.f...@gmail.com> wrote:
Hi everybody,
this is my first post here, I'm kind of desperate. I'm developping a chrome extension and I need to open a socket to my server on every url loaded.
My code so far works well, but in the extension, I can't load the socket.io.js to connect the client.
Everytme I get a :Refused to load the script 'http://myhost:8080/socket.io/socket.io.js' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".What's the matter with that ?--
I load the script like that :<script src="http://ec2-46-137-131-185.eu-west-1.compute.amazonaws.com:8080/socket.io/socket.io.js"></script>The last two are correctly loaded, not the first one.
<script src="jquery-1.8.2.min.js"></script>
<script src="background.js"></script>
What do I miss ?
Is it a specific restriction ?
Please, any help will be appreciate :)
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/gKvYRFmYxM8J.
To post to this group, send email to chromium-...@chromium.org.
To unsubscribe from this group, send email to chromium-extens...@chromium.org.
For more options, visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.
Joe Marini
Developer Advocate / Chrome
Morgan Fromentin
Oct 30, 2012, 12:19:55 PM10/30/12
to chromium-...@chromium.org, Morgan Fromentin
Hi there, again.
Back on my problem.
I did try to declare it in the CSP declaration, but the extension doesn't load anymore.
This is working :
"content_security_policy": "script-src 'self' https://graph.facebook.com/; object-src 'self'"
This is not :
"content_security_policy": "script-src 'self' http://myhost/; object-src 'self'"
What am I doing wrong ?
Le mercredi 17 octobre 2012 21:35:46 UTC+2, Joe Marini a écrit :
Back on my problem.
I did try to declare it in the CSP declaration, but the extension doesn't load anymore.
This is working :
"content_security_policy": "script-src 'self' https://graph.facebook.com/; object-src 'self'"
This is not :
"content_security_policy": "script-src 'self' http://myhost/; object-src 'self'"
What am I doing wrong ?
Le mercredi 17 octobre 2012 21:35:46 UTC+2, Joe Marini a écrit :
You need to add the origin of the script source that you're loading to your CSP declaration.Is there any way you can just include the socket.io.js file locally in your extension?
On Tue, Oct 16, 2012 at 5:07 AM, Morgan Fromentin <morgan.f...@gmail.com> wrote:
Hi everybody,
this is my first post here, I'm kind of desperate. I'm developping a chrome extension and I need to open a socket to my server on every url loaded.
My code so far works well, but in the extension, I can't load the socket.io.js to connect the client.
Everytme I get a :Refused to load the script 'http://myhost:8080/socket.io/socket.io.js' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".What's the matter with that ?
I load the script like that :<script src="http://ec2-46-137-131-185.eu-west-1.compute.amazonaws.com:8080/socket.io/socket.io.js"></script>The last two are correctly loaded, not the first one.
<script src="jquery-1.8.2.min.js"></script>
<script src="background.js"></script>
What do I miss ?
Is it a specific restriction ?
Please, any help will be appreciate :)
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/gKvYRFmYxM8J.
To post to this group, send email to chromium-...@chromium.org.
To unsubscribe from this group, send email to chromium-extensions+unsub...@chromium.org.
For more options, visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.
Joe Marini
Oct 30, 2012, 12:26:10 PM10/30/12
to Morgan Fromentin, Chromium-extensions
It has to be https. Regular http doesn't work.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/98UNnQawGyUJ.
To unsubscribe from this group, send email to chromium-extens...@chromium.org.
For more options, visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.
cody dooderson
Aug 13, 2013, 7:03:17 PM8/13/13
to chromium-...@chromium.org, Morgan Fromentin
I had the same problem and fixed it with the manifest file
the bottom of my manifest file looks like :
"permissions": [
"tabs",
"http://*/*",
"https://*/*"
],
"content_security_policy": "script-src 'self' http://localhost:8080 ; object-src 'self' "
Honestly, i'm not exactly sure what is going on here, but it got rid of the error.
Rishi Bhargava
Feb 21, 2015, 1:52:38 AM2/21/15
to chromium-...@chromium.org
This approach does not work for packaged chrome extensions as I get an error that content security policy is for only legacy apps only. Any other suggestions for using socket.io in chrome extension?
Reply all
Reply to author
Forward
0 new messages