我正在使用Kango框架开发chrome扩展程序,并且希望同时使用Google Analytics(分析)和facebook SDK。我编辑了 list 文件以包含以下内容
"content_security_policy": "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net; object-src 'self'; default-src 'self' 'unsafe-eval' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; style-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; frame-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com"
但这是行不通的!我收到以下错误
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net".
最佳答案
将script-src指令更改为结尾有'unsafe-eval'。
script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net 'unsafe-eval';
请注意,这会降低扩展程序的安全性,因为可以执行JavaScript的随机字符串。