chrome插件的内容安全策略
chrome插件的内容安全策略
提问于 2018-05-20 23:21:43
我正在尝试使简单的XMLHTTPRequest到安全政府页面。
Refused to connect to 'https://www.sec.gov/cgi-bin/browse-edgar?CIK=LEL&Find=Search&owner=exclude&action=getcompany&count=100' because it violates the following Content Security Policy directive: "connect-src *://localhost:3000 https://www.sec.gov/*".
render @ TickerTableInfo.js?420e:36使用React redux chrome extension boilerplate
manifest.json看起来像这样。
{
"version": "0.0.0",
"name": "react-chrome-extension-example",
"manifest_version": 2,
"description": "Example for react-chrome-extension-boilerplate",
"browser_action": {
"default_title": "React Chrome Extension Example",
"default_popup": "popup.html"
},
"icons": {
"16": "img/icon-16.png",
"48": "img/icon-48.png",
"128": "img/icon-128.png"
},
"web_accessible_resources": [
"inject.html"
],
"background": {
"page": "background.html"
},
"permissions": [ "contextMenus", "management", "tabs", "storage", "https://github.com/*", "https://www.sec.gov/*" ],
"content_security_policy": "default-src 'self' https://www.sec.gov/*; script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'; connect-src *://localhost:3000 https://www.sec.gov/*; style-src * 'unsafe-inline' 'self' blob:; img-src 'self' data:;"
}回答 1
Stack Overflow用户
发布于 2018-05-21 00:15:54
Had必须将/*从
"content_security_policy": "default-src 'self' https://www.sec.gov/*; script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'; connect-src *://localhost:3000 https://www.sec.gov/*; style-src * 'unsafe-inline' 'self' blob:; img-src 'self' data:;"谢谢你wOxxOm的回答
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/50436349
复制相关文章
相似问题
腾讯云开发者
