问题描述
出于某种原因,当我尝试使用我的Chrome扩展时,我不断收到以下错误;
拒绝加载脚本'',因为它违反了以下内容安全策略指令:script-src'self'chrome-
For some reason, I keep getting the following error when I try to use my chrome extension;Refused to load the script 'http://dynamic.xkcd.com/api-0/jsonp/comic/1123?callback=random&_=1411616016083' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
Manifest.json
Here is my code:
这是我的代码:
$ b
Manifest.json
{
"manifest_version": 2,
"name": "XKCD New Tab",
"description": "This extension demonstrates a browser action with kittens.",
"version": "1.0",
"permissions": [
"tabs",
"http://dynamic.xkcd.com/*"
],
"chrome_url_overrides": {
"newtab": "index.html"
}
}
index.html
index.html
<html>
<head>
<title>New Tab</title>
<script src="jquery-2.1.1.min.js"></script>
<script src="testcode.js"></script>
</head>
<style>
h1 {
font-family: Helvetica;
color:#3498db;
font-weight: 100;
}
.container {
text-align: center;
background-color: #ecf0f1;
}
}
</style>
<body bgcolor="#ecf0f1">
<div id="xkcdcontent" class="container"></div>
</body>
</html>
testcode.js
testcode.js
var x = Math.floor((Math.random() * 1420) + 1);
$.ajax({
url: "http://dynamic.xkcd.com/api-0/jsonp/comic/"+ x +"?callback=?",
dataType: "json",
jsonpCallback: "random",
success: function(data) {
$("#xkcdcontent").append(
$("<h1 style=text-align:center;/>").text(data.title),
$("<img align=middle/>").attr({
src: data.img,
title: data.alt,
alt: data.title
})
);
}
});
推荐答案
不应该使用jsonp作为扩展名,因为它涉及执行由服务器提供的代码,这就是错误所在。您可以直接使用以下方式访问json:
You shouldn't use jsonp from an extension, as it involves execution of code provided by the server, and that's what the error is about. You can access the json directly using:
url: "http://xkcd.com/"+ x +"/info.0.json",
请记住更新清单中的权限以允许此主机。从参数中删除 jsonpCallback
字段。
Remember to update the permissions in your manifest to allow this host. And remove the jsonpCallback
field from your parameter.
这篇关于我的Chrome扩展程序无法执行HTTP请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!