Content Security Policy Directive

[Ananize Scott]

Background:  I was trying to follow the Chrome Extension Tutorial on Debugging, by using the My Bookmarks Extension on the Samples page. I downloaded the extension and executed successfully. I right clicked on the extension and clicked "Inspect Popup".

I got the following error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://ajax.googleapis.com".

I then read the documentation provided by Google and HTML5Rocks.

I made the following changes:

I removed an empty script tag from the HTML:

<script>

</script>

I changed the body tag from <body style="width: 400px"> to <body> and moved the css to an external file and added a link in the HTML.

I added the following to the manifest:

  "web_accessible_resources": [

    "images/icon.png",

    "style/mystyles.css",

    "script/popup.js"

I reran the extension and got the same error.

Long story short. I completely removed the Javascript file and the CSS file and got the same error.

I removed all references to JQuery except the following:

<html>

<head>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>

</head>

<body>

<div>Search Bookmarks: <input/></div>

</body>

</html>

As you can see this is bear-bones HTML.

I scripted the manifest down to:

{

  "name": "My Bookmarks",

  "version": "1.56",

  "description": "A browser action with a popup dump of all bookmarks, including search, add, edit and delete.",

  "permissions": [

    "bookmarks"

  ],

  "browser_action": {

      "default_title": "My Bookmarks.",

      "default_icon": "icon.png",

      "default_popup": "popup.html"

  },

  "manifest_version": 2,

  "content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'"

}

The content security policy is the original.

I reran the extension and got the same error.

Finally, I removed the following script tag in the HTML.

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>

The error disappeared. 

The tool is incorrectly identifying this line as an inline script when it's not!

Please let me know, if I am wrong about this.

Thanks
Ken A. Scott

 

[Peter Rybin]

Hi,

sorry, this is a wrong mail list for this.

Peter

2013/8/25 Ananize Scott <ken3...@gmail.com>

--
You received this message because you are subscribed to the Google Groups "chromedevtools-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromedevtools-...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Ananize Scott]

Can you provide a link to the forum I should post this in?

Ken

2013/8/25 Ananize Scott <ken3...@gmail.com>

To unsubscribe from this group and stop receiving emails from it, send an email to chromedevtools-dev+unsub...@googlegroups.com.

[Peter Rybin]

I guess this group should be the one: google-chrome-developer-tools, https://groups.google.com/forum/#!forum/google-chrome-developer-tools

Sorry about naming ambiguity.

2013/8/25 Ananize Scott <ken3...@gmail.com>

To unsubscribe from this group and stop receiving emails from it, send an email to chromedevtools-...@googlegroups.com.

[L Lawiet Matsumyien]

Did you end up finding a solution to this problem? It's been quite a while since you posted this but I am having the same issue. 

2013/8/25 Ananize Scott <ken3...@gmail.com>

2013/8/25 Ananize Scott <ken3...@gmail.com>

To unsubscribe from this group and stop receiving emails from it, send an email to chromedevtools-dev+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.