清单中的 Firebase 内容安全策略更改
Firebase Content Security Policy changes in manifest
我正在尝试通过我的 chrome 扩展访问我的 firebase 数据库。
我不断收到这个 :-
我的清单文件有 content_security_policy-
这一行
"content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'".
编辑-这是错误文本:-
拒绝框'https://.firebaseapp.com/....
因为它违反了以下内容安全策略指令:"frame-src https://clients4.google.com/insights/consumersurveys/ https://calendar.google.com/accounts/ 'self' https://accounts.google.com/ https://apis.google.com/u/ https://apis.google.com/_/streamwidgets/ https://clients6.google.com/static/ https://content.googleapis.com/static/ https://mail-attachment.googleusercontent.com/ https://www.google.com/calendar/ https://calendar.google.com/calendar/ https://docs.google.com/ https://drive.google.com https://.googleusercontent.com/docs/securesc/ https://feedback.googleusercontent.com/resources/ https://www.google.com/tools/feedback/ https://support.google.com/inapp/ https://.googleusercontent.com/gadgets/ifr https://hangouts.google.com/ https://talkgadget.google.com/ https://.talkgadget.google.com/ https://www-gm-opensocial.googleusercontent.com/gadgets/ https://plus.google.com/ https://wallet.google.com/gmail/ https://www.youtube.com/embed/ https://clients5.google.com/pagead/drt/dn/ https://clients5.google.com/ads/measurement/jn/ https://www.gstatic.com/mail/ww/ https://www.gstatic.com/mail/intl/ https://clients5.google.com/webstore/wall/ https://ci3.googleusercontent.com/ https://apis.google.com/additnow/ https://www.gstatic.com/mail/promo/ https://notifications.google.com/ https://mail-payments.google.com/mail/payments/".
拒绝加载脚本“https://...firebaseio.com/..... because it violates the following Content Security Policy directive: "script-src https://clients4.google.com/insights/consumersurveys/ 'self' 'unsafe-inline' 'unsafe-eval' https://mail.google.com/_/scs/mail-static/ https://hangouts.google.com/ https://talkgadget.google.com/ https://*.talkgadget.google.com/ https://www.googleapis.com/appsmarket/v2/installedApps/ https://www-gm-opensocial.googleusercontent.com/gadgets/js/ https://docs.google.com/static/doclist/client/js/ https://www.google.com/tools/feedback/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://ssl.google-analytics.com/ https://apis.google.com//scs/abc-static/ https://apis.google.com/js/ https://clients1.google.com/complete/ https://apis.google.com//scs/apps-static/_/js/ https://ssl.gstatic.com/inputtools/js/ https://ssl.gstatic.com/cloudsearch/static/o/js/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/common_sharing/static/client/js/ https://www.gstatic.com/og/_/js/”。
我正在尝试对这个脚本的 firebase 数据库进行远程注入。 :-
var config = {
apiKey: -----,
authDomain: -----,
databaseURL: ----,
storageBucket: ----,
};
firebase.initializeApp(config);
var dbRef=firebase.database().ref().child('text');
$("#h1").on('keyup',function(){
dbRef.set($("#h1").html());
});
我应该怎么做才能解决这个错误?
Refused to load the script 'https://...firebaseio.com/..... because it violates the following Content Security Policy directiv
您应该在扩展本身中包含 firebase.js 脚本,而不是尝试从 public 位置加载它。
我正在尝试通过我的 chrome 扩展访问我的 firebase 数据库。 我不断收到这个 :-
我的清单文件有 content_security_policy-
这一行"content_security_policy": "script-src 'self' https://cdn.firebase.com https://*.firebaseio.com; object-src 'self'".
编辑-这是错误文本:-
拒绝框'https://.firebaseapp.com/.... 因为它违反了以下内容安全策略指令:"frame-src https://clients4.google.com/insights/consumersurveys/ https://calendar.google.com/accounts/ 'self' https://accounts.google.com/ https://apis.google.com/u/ https://apis.google.com/_/streamwidgets/ https://clients6.google.com/static/ https://content.googleapis.com/static/ https://mail-attachment.googleusercontent.com/ https://www.google.com/calendar/ https://calendar.google.com/calendar/ https://docs.google.com/ https://drive.google.com https://.googleusercontent.com/docs/securesc/ https://feedback.googleusercontent.com/resources/ https://www.google.com/tools/feedback/ https://support.google.com/inapp/ https://.googleusercontent.com/gadgets/ifr https://hangouts.google.com/ https://talkgadget.google.com/ https://.talkgadget.google.com/ https://www-gm-opensocial.googleusercontent.com/gadgets/ https://plus.google.com/ https://wallet.google.com/gmail/ https://www.youtube.com/embed/ https://clients5.google.com/pagead/drt/dn/ https://clients5.google.com/ads/measurement/jn/ https://www.gstatic.com/mail/ww/ https://www.gstatic.com/mail/intl/ https://clients5.google.com/webstore/wall/ https://ci3.googleusercontent.com/ https://apis.google.com/additnow/ https://www.gstatic.com/mail/promo/ https://notifications.google.com/ https://mail-payments.google.com/mail/payments/".
拒绝加载脚本“https://...firebaseio.com/..... because it violates the following Content Security Policy directive: "script-src https://clients4.google.com/insights/consumersurveys/ 'self' 'unsafe-inline' 'unsafe-eval' https://mail.google.com/_/scs/mail-static/ https://hangouts.google.com/ https://talkgadget.google.com/ https://*.talkgadget.google.com/ https://www.googleapis.com/appsmarket/v2/installedApps/ https://www-gm-opensocial.googleusercontent.com/gadgets/js/ https://docs.google.com/static/doclist/client/js/ https://www.google.com/tools/feedback/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://ssl.google-analytics.com/ https://apis.google.com//scs/abc-static/ https://apis.google.com/js/ https://clients1.google.com/complete/ https://apis.google.com//scs/apps-static/_/js/ https://ssl.gstatic.com/inputtools/js/ https://ssl.gstatic.com/cloudsearch/static/o/js/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/common_sharing/static/client/js/ https://www.gstatic.com/og/_/js/”。
我正在尝试对这个脚本的 firebase 数据库进行远程注入。 :-
var config = {
apiKey: -----,
authDomain: -----,
databaseURL: ----,
storageBucket: ----,
};
firebase.initializeApp(config);
var dbRef=firebase.database().ref().child('text');
$("#h1").on('keyup',function(){
dbRef.set($("#h1").html());
});
我应该怎么做才能解决这个错误?
Refused to load the script 'https://...firebaseio.com/..... because it violates the following Content Security Policy directiv
您应该在扩展本身中包含 firebase.js 脚本,而不是尝试从 public 位置加载它。