Chrome App : Refused to execute inline script because it violates the following Content Security Policy directive
6,035 views
Skip to first unread message
Sreejith Mangattil
Jul 19, 2017, 1:56:26 AM7/19/17
to Chromium-Apps-Announce
I did some research on the same thread, and tried the answers that i got. But still the same error throws everytime.
In my case, its a chrome app and in one page im using an iframe and im pointing src into some xhtml content. That actually contain some inline style and scripts, which i cant remove or change.
Below is my manifest file.
{
"manifest_version": 2,
"name": "*****",
"short_name": "****",
"version": "*****",
"permissions": [""],
"content_security_policy": "default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'self' 'unsafe-inline' 'unsafe-eval'",
"app": {
"background": {
"scripts": ["chrome.js"]
}
},
"icons": {
"16": "1.png",
"48": "2.png",
"128": "3.png"
},
"sandbox": {
"pages": [
"sql-js-template.html"
]
}
}
PhistucK
Jul 19, 2017, 3:40:41 AM7/19/17
to Sreejith Mangattil, Chromium-Apps-Announce
You cannot allow inline scripts. You must put them in external files.
If you cannot do that, then Chrome applications might not be the platform for you.
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-Apps-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-apps+unsubscribe@chromium.org.
To post to this group, send email to chromi...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-apps/.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.
Sreejith Mangattil
Jul 20, 2017, 12:56:49 AM7/20/17
to PhistucK, Chromium-Apps-Announce
But the same build was working 4 months back, when chrome build was 49/50. At that time "content_security_policy" was working fine. Is there any major changes happened in the last few chrome updates?
Thanks and Regards
Sreejith M
On Wed, Jul 19, 2017 at 1:09 PM, PhistucK <phis...@gmail.com> wrote:
You cannot allow inline scripts. You must put them in external files.If you cannot do that, then Chrome applications might not be the platform for you.
☆PhistucK
PhistucK
Jul 20, 2017, 1:14:45 AM7/20/17
to Sreejith Mangattil, Chromium-Apps-Announce
Your manifest file shows a warning when I load it -
"'content_security_policy' is only allowed for extensions and legacy packaged apps, but this is a packaged app."
☆PhistucK
Sreejith Mangattil
Jul 20, 2017, 2:40:21 AM7/20/17
to PhistucK, Chromium-Apps-Announce
Yeah i have go thorough, but still im in doubt, then how the same app with same code with the same inline scripts & styles works fine untill now? So, if i cant use "CSP" for packaged app, there is only one way to do by "sandboxing"?
Thanks and Regards
Sreejith M
On Thu, Jul 20, 2017 at 10:43 AM, PhistucK <phis...@gmail.com> wrote:
Your manifest file shows a warning when I load it -"'content_security_policy' is only allowed for extensions and legacy packaged apps, but this is a packaged app."
☆PhistucK
PhistucK
Jul 20, 2017, 3:10:07 AM7/20/17
to Sreejith Mangattil, Chromium-Apps-Announce
I guess so. I am not sure what has changed, though (that might be a bug). Have you changed manifest.json rather than the code perhaps?
☆PhistucK
Sreejith Mangattil
Jul 20, 2017, 3:12:03 AM7/20/17
to PhistucK, Chromium-Apps-Announce
Nop, nothing. Still my app is live with this issue. I uploaded the last change 5 months back and it was working fine :(
Thanks and Regards
Sreejith M
On Thu, Jul 20, 2017 at 12:39 PM, PhistucK <phis...@gmail.com> wrote:
I guess so. I am not sure what has changed, though (that might be a bug). Have you changed manifest.json rather than the code perhaps?
☆PhistucK
PhistucK
Jul 20, 2017, 3:14:49 AM7/20/17
to Sreejith Mangattil, Chromium-Apps-Announce
You can search crbug.com for an existing issue and star it. If you cannot find one, file a new issue using the "New issue" link on the same page.
Please, do not add a "+1" or "Me too" or "Confirmed" (or similar) comment. It just wastes the time of Chrome engineers and sends unnecessary e-mails to all of the people who starred the issue.
You can reply with a link to the found or created issue and might get triaged (and fixed) faster.
Thank you.
☆PhistucK
Sreejith Mangattil
Jul 20, 2017, 9:23:02 AM7/20/17
to PhistucK, Chromium-Apps-Announce
Thanks for your effort, my app is working fine upto chrome - 56. From 57 onwards its not bcz of this error...
Thanks and Regards
Sreejith M
On Thu, Jul 20, 2017 at 12:44 PM, PhistucK <phis...@gmail.com> wrote:
You can search crbug.com for an existing issue and star it. If you cannot find one, file a new issue using the "New issue" link on the same page.Please, do not add a "+1" or "Me too" or "Confirmed" (or similar) comment. It just wastes the time of Chrome engineers and sends unnecessary e-mails to all of the people who starred the issue.You can reply with a link to the found or created issue and might get triaged (and fixed) faster.Thank you.
☆PhistucK
PhistucK
Jul 20, 2017, 9:59:30 AM7/20/17
to Sreejith Mangattil, Chromium-Apps-Announce
Do file an issue and reply with a link to it - it might get fixed.
☆PhistucK
Reply all
Reply to author
Forward
0 new messages