I'm getting the message 'Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).' in my console.
My extension is structured as such:
jquery.min.js,
manifest.json,
options.html,
potato.png,
script.js,
I believe the header of my options.html is the issue:
<head>
<title>Rotten Potatoes</title>
<script src="jquery.min.js"></script>
<script src="script.js"></script>
<link rel="shortcut icon" type="image/png" href="potato.png"/>
</head>
Anyone have any ideas how to get rid of this? Via the manifest maybe?
CodePudding user response:
The site you're visiting has restrictions in place blocking the inline injection of this script. Try looking at the headers being returned by the site you're visiting and see if it contains any of the CSP (Content Security Policy) headers. I also noticed you are including 3rd party libraries, they may have 3rd party scripts blocked all together by origin.
What your error is giving you comes specifically from the header:
Content-Security-Policy: script-src *;
Here are a few references to you can read to understand what is going on here.
References: