
I'm developing a Chrome Extension but there is something wrong. I checked all similar questions in StackOverflow but I can't fix this problem.

I want to import the YouTube IFrame API and other things, but I get some errors with this.


And here is my manifest.json:

```json
{
  "manifest_version": 2,
  "name": "tetoda_robot_chromeExtension",
  "description": "chromeExtension Test",
  "version": "1.0.0",
  "content_security_policy":"script-src 'self' https://www.youtube.com/player_api https://kit.fontawesome.com/a076d05399.js https://www.googleapis.com; object-src 'self'",
  "browser_action": {
    "default_icon": "logo.png",
    "default_popup": "popup.html"
  },
  "permissions": [
    "tabs",
    "<all_urls>"
  ]
}
```

I already tried to use meta tag with content-security-policy option, and it seemed to work but I got more errors as well.

```html
<meta http-equiv="Content-Security-Policy" content="script-src 'self' http://www.youtube.com https://kit.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; 
style-src 'self' https://fonts.googleapis.com maxcdn.bootstrapcdn.com https://kit.fontawesome.com/a076d05399.js 'unsafe-inline'">
```

What should I do?

Sebastian Brosch
  • The error message doesn't show your CSP from manifest.json so evidently it wasn't applied. Did you click the reload icon in the extension's card on chrome://extensions page? Also try removing URL paths from CSP so it looks like `https://www.youtube.com`. It's also possible `https://s.ytimg.com` should be added in CSP or some other domain needed for the youtube API. – wOxxOm Jun 17 '20 at 06:44
  • Thank you for your comment, but it still doesn't work. I didn't need to use the YouTube API, so I deleted it, but I still have to use other things. I read about Content-Security-Policy in [link](https://developers.google.com/web/fundamentals/security/csp) and modified a meta tag, and now there is still only one error, which is the last error in the picture (about hash blah blah) T_T – Yesora Choi Jun 17 '20 at 08:11
  • Use a separate js file, [more info](https://stackoverflow.com/a/25721457). – wOxxOm Jun 17 '20 at 09:01
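
The checks suggested in the comments above (origin-only sources instead of URL paths, and no reliance on inline script), written as an added example that is not part of the original question or comments. `lintScriptSrc` and its messages are hypothetical names, not a Chrome API, and rewriting an `http` or scheme-less source to `https` in the suggested policy is an assumption of this example.

```javascript
// Added example (Node.js): lint the script-src directive of an extension CSP.
// lintScriptSrc is a hypothetical helper, not part of any Chrome or Node API.
function lintScriptSrc(csp) {
  const findings = [];
  // Split the policy into directives, then each directive into tokens.
  const directive = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === 'script-src');
  if (!directive) return { findings: ['no script-src directive'], suggested: null };

  const suggested = new Set();
  for (const src of directive.slice(1)) {
    if (src.startsWith("'")) {
      // Keyword sources: 'self', 'unsafe-inline', 'unsafe-eval', hashes, nonces.
      if (src === "'unsafe-inline'") {
        findings.push(`${src}: move inline code into a separate .js file`);
      } else {
        suggested.add(src); // other keywords are passed through unchanged
      }
      continue;
    }
    const hasScheme = src.includes('://');
    let url;
    try {
      url = new URL(hasScheme ? src : `https://${src}`);
    } catch {
      findings.push(`${src}: not parseable as a host source`);
      continue;
    }
    if (!hasScheme) findings.push(`${src}: no scheme given`);
    if (url.protocol !== 'https:') findings.push(`${src}: not an https source`);
    // A source with a path matches only that path, not the whole origin.
    if (url.pathname !== '/') findings.push(`${src}: has a URL path, use ${url.origin}`);
    suggested.add(`https://${url.host}`); // assumption: always suggest https
  }
  return { findings, suggested: `script-src ${[...suggested].join(' ')}` };
}

// The manifest.json policy exactly as posted in the question.
const MANIFEST_CSP = "script-src 'self' https://www.youtube.com/player_api " +
  "https://kit.fontawesome.com/a076d05399.js https://www.googleapis.com; object-src 'self'";

console.log(lintScriptSrc(MANIFEST_CSP));
```

Only `script-src` is rewritten; other directives such as `object-src 'self'` still need to be carried over into the manifest, and the extension reloaded on chrome://extensions, as the first comment notes.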

0 Answers