I'm making a chrome newtab extension that loads the users weather by querying yahoo weather. I'm getting a 'Content-Security-Policy' violation from chrome saying I cannot load the script:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-PeWalvgfJE6xbsZk1lp14cxuyPBUbuIbzFNlAxarXxU='), or a nonce ('nonce-...') is required to enable inline execution.
Here is my manifest:
{
"name": "WeatherTodo",
"version": "1.0",
"description": "Extension that shows a weather animation and todolist",
"manifest_version": 2,
"permissions": ["storage"],
"chrome_url_overrides": {
"newtab": "index.html"
}
}
The problem is that the query is a different URL depending on where the user is so I'm not sure if I can add it as a safe link to the manifest. Please help.
I think this is the line that is causing the error, I'm not sure because chrome is pointing to the html line that has my script tag:
fetch("https://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20weather.forecast%20where%20woeid%20in%20(SELECT%20woeid%20FROM%20geo.places%20WHERE%20text%3D%22("
+ position.coords.latitude + "%2C" + position.coords.longitude
+ ")%22)&format=json&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys")