Chrome extention with google costum search
866 views
Skip to first unread message
Jan Tichý
Dec 9, 2015, 11:51:41 AM12/9/15
to Chromium-Extensions-Announce
Hello
I try to make chrome extention with google costum search, but I have problem with content security policy. It send me something like this:
Can anybody help me how to solved it ?
I try to make chrome extention with google costum search, but I have problem with content security policy. It send me something like this:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://www.google.com".
chrome-extension://cse.google.com/adsense/search/async-ads.js Failed to load resource: net::ERR_FAILED
Can anybody help me how to solved it ?
PhistucK
Dec 9, 2015, 11:59:34 AM12/9/15
to Jan Tichý, Chromium-Extensions-Announce
The first can be resolved by adding the unsafe-eval token to your content security policy manifest key (look at the Chrome extension documentation). A web search for the error would have probably directed you to the solution, use it next time.
The second is probably not possible to resolve, unless your code does that and not Google code.
If your code has the URL, my guess is that you use //cse.google.com/adsense/search/async-ads.js (a protocol agnostic URL). Change it to https://cse.google.com/adsense/search/async-ads.js and it should resolve the issue.
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/f84fae62-6e7e-4d64-a480-7e40a58dec1d%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.
Jan Tichý
Dec 9, 2015, 12:23:00 PM12/9/15
to Chromium-Extensions-Announce
I use unsafe-eval to manifest.json,
Then chorme return me this:
"content_security_policy": "script-src 'self' 'unsafe-eval' https://www.google.com; object-src 'self'",Then chorme return me this:
Refused to load the script 'http://clients1.google.com/complete/search?client=partner&hl=cs&sugexp=gsnos%2Cn%3D13&gs_rn=25&gs_ri=partner&partnerid=015597772657596136382%3Ak26u4bzy7es&types=t&ds=cse&cp=1&gs_id=4&q=h&callback=google.sbox.p50' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://www.google.com".Jan Tichý
Dec 12, 2015, 2:33:30 PM12/12/15
to Chromium-Extensions-Announce
Is there anyone way how to allowed google costum search API for google chrome? Because google chrome content security policy blocked script, whitch google costum search needs to return search results..
Please can somebody help me ?
Please can somebody help me ?
PhistucK
Dec 12, 2015, 2:41:29 PM12/12/15
to Jan Tichý, Chromium-Extensions-Announce
This policy seems to specify that external scripts should not run, only scripts from the extension, but I might be wrong.
Did you add manifest permissions for the domain specified by the script URL? Are you using HTTPS?
☆PhistucK
On Sat, Dec 12, 2015 at 9:33 PM, Jan Tichý <tich...@gmail.com> wrote:
Is there anyone way how to allowed google costum search API for google chrome? Because google chrome content security policy blocked script, whitch google costum search needs to return search results..
Please can somebody help me ?
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/7d3dd6a7-7f63-4776-972c-da41a6ba90ca%40chromium.org.
Jan Tichý
Dec 12, 2015, 2:51:51 PM12/12/15
to Chromium-Extensions-Announce, tich...@gmail.com
My manifest :
{
"name": "Najdeme to za vas",
"version": "0.1",
"incognito": "split",
"background": {
"scripts": ["jquery-1.9.1.js" ]
},
"permissions": [ "https://*.google.com/*"],
"content_security_policy": "script-src 'self' 'unsafe-eval' https://www.google.com; object-src 'self'",
"content_scripts": [
{
"matches": ["https://www.google.com/*"],
"js": ["search.js"]
}
],
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"icons": { "16": "icon.png",
"48": "icon.png",
"128": "icon.png" },
"manifest_version": 2
}
and my script for google costum search in search.js:
Sem vložte kód...
google.load('search', '1', {language: 'cs'});
google.setOnLoadCallback(function() {
var customSearchOptions = {};
var orderByOptions = {};
orderByOptions['keys'] = [{label: 'Relevance', key: ''} , {label: 'Date', key: 'date'}];
customSearchOptions['enableOrderBy'] = true;
customSearchOptions['orderByOptions'] = orderByOptions;
var customSearchControl = new google.search.CustomSearchControl('015597772657596136382:k26u4bzy7es', customSearchOptions);
customSearchControl.setResultSetSize(google.search.Search.LARGE_RESULTSET);
var options = new google.search.DrawOptions();
options.setAutoComplete(true);
customSearchControl.draw('cse', options);
}, true);
PhistucK
Dec 13, 2015, 1:53:02 AM12/13/15
to Jan Tichý, Chromium-Extensions-Announce
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/9011f861-ec9a-4bc6-a8f2-252e2d1247e3%40chromium.org.
Jan Tichý
Dec 28, 2015, 4:55:52 AM12/28/15
to Chromium-Extensions-Announce, tich...@gmail.com
Thanks for reply, I try it but it wasnt work. I dont know that I use it rigth.
I think that main problem is this part code.
This part code is script for call search console from google server.
If I write some keywords to console then API try call skripts form google. Every time API need diferent skript I think.
I think that main problem is this part code.
<script>
(function() {
var cx = '015597772657596136382:k26u4bzy7es';
var gcse = document.createElement('script');
gcse.type = 'text/javascript';
gcse.async = true;
gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
'//cse.google.com/cse.js?cx=' + cx;
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(gcse, s);
})();
</script>
<gcse:search></gcse:search>This part code is script for call search console from google server.
If I write some keywords to console then API try call skripts form google. Every time API need diferent skript I think.
PhistucK
Dec 28, 2015, 5:09:07 AM12/28/15
to Jan Tichý, Chromium-Extensions-Announce
Extensions cannot run inline scripts, move your JavaScript code into an external file (code.js, for example) and reference it (<script src="code.js"></script>).
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/ff8dd062-842c-4b5d-ba7e-86e9ee40aaa3%40chromium.org.
Jan Tichý
Dec 28, 2015, 5:15:52 AM12/28/15
to Chromium-Extensions-Announce, tich...@gmail.com
Sorry I copy basic code form google developers website. Offcourse I have this part of code in external JS.
This is from popup.html
This is search.js (this call search console)
This is from popup.html
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<title>Google Custom Search Element API Example</title>
<link rel="stylesheet" type="text/css" href="main.css" />
<link rel="stylesheet" type="text/css" href="default.css"/>
</head>
<body style="font-family: Arial;border: 0 none;">
<div id="cse" style="width:100%;">Loading...</div>
<script type="text/javascript" src="https://www.google.com/jsapi"></script>
<script type="text/javascript" src="search.js"></script>
<script src="https://www.google.com/uds/api/search/1.0/432dd570d1a386253361f581254f9ca1/default+cs.I.js" type="text/javascript"></script>
</body>
</html>
This is search.js (this call search console)
google.load('search', '1', {language: 'cs'});
google.setOnLoadCallback(function() {
var customSearchOptions = {};
var orderByOptions = {};
orderByOptions['keys'] = [{label: 'Relevance', key: ''} , {label: 'Date', key: 'date'}];
customSearchOptions['enableOrderBy'] = true;
customSearchOptions['orderByOptions'] = orderByOptions;
var customSearchControl = new google.search.CustomSearchControl('015597772657596136382:k26u4bzy7es', customSearchOptions);
customSearchControl.setResultSetSize(google.search.Search.LARGE_RESULTSET);
var options = new google.search.DrawOptions();
options.setAutoComplete(true);
customSearchControl.draw('cse', options);
}, true);
var script = document.createElement('script');
script.src = 'https://cse.google.com/cse.js?cx=015597772657596136382:k26u4bzy7es';
script.crossOrigin = 'anonymous';
document.head.appendChild(script);and manifest.json
{
"name": "Najdeme to za vas",
"version": "0.1",
"incognito": "split",
"background": {
"scripts": ["jquery-1.9.1.js" ]
},
"permissions": [ "<all_urls>"],
"content_security_policy": "script-src 'self' 'unsafe-eval' https://www.google.com; object-src 'self'",
"content_scripts": [
{
"matches": ["<all_urls>"],
"all_frames": true,
"js": ["search.js"]
}
],
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"icons": { "16": "icon.png",
"48": "icon.png",
"128": "icon.png" },
"manifest_version": 2
}
PhistucK
Dec 28, 2015, 6:55:31 AM12/28/15
to Jan Tichý, Chromium-Extensions-Announce
Do you have any errors in the console of the popup?
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/a5402c1f-b33b-4aaf-8d19-d49b5de67890%40chromium.org.
Jan Tichý
Dec 28, 2015, 7:21:00 AM12/28/15
to Chromium-Extensions-Announce, tich...@gmail.com
Yes
From popup console:
From popup console:
Refused to load the script 'https://cse.google.com/cse.js?cx=015597772657596136382:k26u4bzy7es' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://www.google.com".
(anonymous function) @ search.js:24
chrome-extension://cse.google.com/adsense/search/async-ads.js Failed to load resource: net::ERR_FAILEDAnd if I write someone keyword to the console:
Refused to load the script 'http://clients1.google.com/complete/search?client=partner&hl=cs&sugexp=gsno…382%3Ak26u4bzy7es&types=t&ds=cse&cp=1&gs_id=5&q=A&callback=google.sbox.p50' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://www.google.com".
a @ default+cs.I.js:163z @ default+cs.I.js:177a @ default+cs.I.js:175q @ default+cs.I.js:183V @ default+cs.I.js:204(anonymous function) @ default+cs.I.js:169l @ default+cs.I.js:168
default+cs.I.js:163 Refused to load the script 'http://clients1.google.com/complete/search?client=partner&hl=cs&sugexp=gsno…82%3Ak26u4bzy7es&types=t&ds=cse&cp=2&gs_id=9&q=AH&callback=google.sbox.p50' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://www.google.com".
a @ default+cs.I.js:163z @ default+cs.I.js:177
default+cs.I.js:163 Refused to load the script 'http://clients1.google.com/complete/search?client=partner&hl=cs&sugexp=gsno…2%3Ak26u4bzy7es&types=t&ds=cse&cp=3&gs_id=d&q=AHo&callback=google.sbox.p50' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://www.google.com".
a @ default+cs.I.js:163z @ default+cs.I.js:177
default+cs.I.js:163 Refused to load the script 'http://clients1.google.com/complete/search?client=partner&hl=cs&sugexp=gsno…%3Ak26u4bzy7es&types=t&ds=cse&cp=4&gs_id=h&q=AHoj&callback=google.sbox.p50' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://www.google.com".I know that search script and popup work together out of chrome extention.
PhistucK
Dec 28, 2015, 7:32:20 AM12/28/15
to Jan Tichý, Chromium-Extensions-Announce
And are you reading the errors?
Your content security policy does not allow domains other than https://www.google.com, but the scripts tries to access other domains. Add them to the policy.
Note that the http:// ones may be problematic, because insecure URLs cannot be loaded from secure contexts or URLs... I am not sure how you can overcome that.
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/2293e7cb-350b-4cff-a393-cdaba11997aa%40chromium.org.
Jan Tichý
Dec 28, 2015, 7:42:38 AM12/28/15
to Chromium-Extensions-Announce, tich...@gmail.com
Ohh I see. I read thet errors many times, but this is my first extention, and I learn many think about it. I try many options but no good results.
11trees Writing
Mar 25, 2016, 7:31:01 PM3/25/16
to Chromium-Extensions-Announce, tich...@gmail.com
I'm in exactly the same situation...did anyone make progress here?
I can get the custom search to show up...but then the CSE stuff is looking in my local Chrome Extension for a js file.
Screenshot below shows the search showing up (it's just a draft page - nonsense at this point).
In the console I have " chrome-extension://cse.google.com/adsense/search/async-ads.js net::ERR_FAILED"
Thanks for any help! Getting Search results into my extension would be super sweet.
PhistucK
Mar 26, 2016, 2:36:04 AM3/26/16
to 11trees Writing, Chromium-Extensions-Announce, Jan Tichý
You may be able to get away with it by having <base href="https://google.com" src="https://google.com"/> prepended to your <head>.
That means that all of your resources and links would have to use absolute URLs, though, which is a pain (less of a pain if you do it with JavaScript).
All of this is a hack, though. You should probably file an issue at the Google Custom Search issue tracker (I am not sure where this is, sorry), or post this issue in a Google Custom Search developer forum (I am also not sure where that is, sorry).
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/bc3efea4-030b-4dea-b139-c3d285bba5dc%40chromium.org.
11trees Writing
Mar 26, 2016, 10:40:03 AM3/26/16
to Chromium-Extensions-Announce, info.1...@gmail.com, tich...@gmail.com
I really, really appreciate you taking the time to respond.
Before you responded I had switched gears and was trying to use a sandbox to safely get the CSE results inside an extension.
This seemed promising...but I was hitting the same problem (to my newbie, feeble eyes): the core Google code was pointing at a local file which obviously wasn't going to be in my Google Extensions.
So your suggestion came just in the nick of time...and I would have never figured out to do what you suggested.
And because I set up the iframe/sandbox approach (which eliminates the need to put content security exceptions in place), i only had to pu the hardcoded base in my one small html file...so it doesn't affect the rest of my extension (and so doesn't require I use full URLs everywhere).
Thank you!
On Saturday, March 26, 2016 at 1:36:04 AM UTC-5, PhistucK wrote:
You may be able to get away with it by having <base href="https://google.com" src="https://google.com"/> prepended to your <head>.That means that all of your resources and links would have to use absolute URLs, though, which is a pain (less of a pain if you do it with JavaScript).All of this is a hack, though. You should probably file an issue at the Google Custom Search issue tracker (I am not sure where this is, sorry), or post this issue in a Google Custom Search developer forum (I am also not sure where that is, sorry).
☆PhistucK
On Sat, Mar 26, 2016 at 2:31 AM, 11trees Writing <info.1...@gmail.com> wrote:
I'm in exactly the same situation...did anyone make progress here?I can get the custom search to show up...but then the CSE stuff is looking in my local Chrome Extension for a js file.Screenshot below shows the search showing up (it's just a draft page - nonsense at this point).In the console I have " chrome-extension://cse.google.com/adsense/search/async-ads.js net::ERR_FAILED"Thanks for any help! Getting Search results into my extension would be super sweet.
On Monday, December 28, 2015 at 6:42:38 AM UTC-6, Jan Tichý wrote:Ohh I see. I read thet errors many times, but this is my first extention, and I learn many think about it. I try many options but no good results.
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
PhistucK
Mar 26, 2016, 11:51:35 AM3/26/16
to 11trees Writing, Chromium-Extensions-Announce, Jan Tichý
Oh, I meant everywhere in the page, not in the entire extension, anyway. The sandbox is not required for that, I believe.
<base> is changing the base URL of which any relative URL (in href or src attributes) is computed within the page.
Note that it is not an extension concept, it is an HTML concept and feature, which works in normal web pages as well. It is discouraged, but may be of help in such situations.
☆PhistucK
On Sat, Mar 26, 2016 at 5:40 PM, 11trees Writing <info.1...@gmail.com> wrote:
I really, really appreciate you taking the time to respond.Before you responded I had switched gears and was trying to use a sandbox to safely get the CSE results inside an extension.This seemed promising...but I was hitting the same problem (to my newbie, feeble eyes): the core Google code was pointing at a local file which obviously wasn't going to be in my Google Extensions.So your suggestion came just in the nick of time...and I would have never figured out to do what you suggested.And because I set up the iframe/sandbox approach (which eliminates the need to put content security exceptions in place), i only had to pu the hardcoded base in my one small html file...so it doesn't affect the rest of my extension (and so doesn't require I use full URLs everywhere).
Thank you!
On Saturday, March 26, 2016 at 1:36:04 AM UTC-5, PhistucK wrote:
You may be able to get away with it by having <base href="https://google.com" src="https://google.com"/> prepended to your <head>.That means that all of your resources and links would have to use absolute URLs, though, which is a pain (less of a pain if you do it with JavaScript).All of this is a hack, though. You should probably file an issue at the Google Custom Search issue tracker (I am not sure where this is, sorry), or post this issue in a Google Custom Search developer forum (I am also not sure where that is, sorry).
☆PhistucK
On Sat, Mar 26, 2016 at 2:31 AM, 11trees Writing <info.1...@gmail.com> wrote:
I'm in exactly the same situation...did anyone make progress here?I can get the custom search to show up...but then the CSE stuff is looking in my local Chrome Extension for a js file.Screenshot below shows the search showing up (it's just a draft page - nonsense at this point).In the console I have " chrome-extension://cse.google.com/adsense/search/async-ads.js net::ERR_FAILED"Thanks for any help! Getting Search results into my extension would be super sweet.
On Monday, December 28, 2015 at 6:42:38 AM UTC-6, Jan Tichý wrote:Ohh I see. I read thet errors many times, but this is my first extention, and I learn many think about it. I try many options but no good results.
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/bc3efea4-030b-4dea-b139-c3d285bba5dc%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/25e2484c-0aa3-4bb4-842c-ce7707f943e1%40chromium.org.
Marc Henry Fortune
Apr 21, 2017, 8:28:43 PM4/21/17
to Chromium-Extensions-Announce
I am working on web site and I have the same problem with this fonction code in external js for google search. It shwos an error as :
Failed to load resource: net::ERR_FILE_NOT_FOUND async-ads.js
Could someone help me to solve this please. Thank you in advance for your answers.
Marc
PhistucK
Apr 22, 2017, 2:25:17 AM4/22/17
to Marc Henry Fortune, Chromium-Extensions-Announce
It sounds like you are not looking for help with Chrome extensions. In that case, this is completely off topic. You should seek help in a custom search related discussion group.
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.
To post to this group, send email to chromium-extensions@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/258f7de1-4653-43a8-bf79-cfb4c8b029a3%40chromium.org.
Reply all
Reply to author
Forward
0 new messages