6

I'm developing a Chrome extension using the Kango framework, and I wanted to use both Google Analytics and the Facebook SDK. I edited the manifest file to include the following:

"content_security_policy": "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net; object-src 'self'; default-src 'self' 'unsafe-eval' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; style-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com; frame-src 'self' 'unsafe-inline' chrome-extension-resource: https://*.facebook.net https://*.facebook.com"

But it doesn't work, and I'm getting the following error:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net".
Mahmoud M. Abdel-Fattah
  • I wonder how much more descriptive an error message could be. The next level is probably self-correcting errors... :) – gkalpak Dec 18 '13 at 06:11
  • @Fattah, I am about to create some plugins and am looking for the best framework for developing cross-browser extensions. I found the Kango framework. Is this framework flexible and good enough to create cross-browser extensions? Can you suggest some good frameworks and libraries to start building cross-browser extensions? – Mahi Feb 05 '19 at 17:44
  • @Mahi Oh man! That was six years ago :) ... As far as I remember, Kango was doing the job correctly. I just checked their website, and the last update was two years ago, and I assume the browsers did a lot of changes since then. You can give it a try! – Mahmoud M. Abdel-Fattah Feb 06 '19 at 06:59

1 Answer

3

Change the script-src directive to have 'unsafe-eval' at the end.

script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net 'unsafe-eval';

Note that this will lower the security of your extension as random strings of JavaScript can be executed.

abraham
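
Added example (not part of the original question or answer): a small auditing helper that shows why the `'unsafe-eval'` in `default-src` had no effect. CSP consults `default-src` for scripts only when `script-src` is absent, so the explicit `script-src` in the question is the directive that governs `eval`. The function names are hypothetical, and the first sample policy is the question's policy with `style-src` and `frame-src` omitted for brevity.

```javascript
// Added example: find the CSP directive that governs eval() and report
// whether it permits 'unsafe-eval'. Helper names are hypothetical.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function effectiveScriptSources(policy) {
  const d = parseCsp(policy);
  // Fallback rule: default-src applies to scripts only if script-src is absent.
  for (const name of ['script-src', 'default-src']) {
    if (d.has(name)) return { directive: name, sources: d.get(name) };
  }
  return { directive: null, sources: [] };
}

function allowsEval(policy) {
  const { directive, sources } = effectiveScriptSources(policy);
  // With neither directive present, this policy string does not restrict eval.
  if (directive === null) return true;
  // Keyword sources are matched case-insensitively.
  return sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Sample input taken from the question (style-src and frame-src omitted).
const QUESTION_POLICY =
  "script-src 'self' https://ssl.google-analytics.com https://connect.facebook.net; " +
  "object-src 'self'; " +
  "default-src 'self' 'unsafe-eval' chrome-extension-resource: https://*.facebook.net https://*.facebook.com";

// Same policy with the script-src from the answer.
const ANSWER_POLICY = QUESTION_POLICY.replace(
  "https://connect.facebook.net;",
  "https://connect.facebook.net 'unsafe-eval';"
);

for (const [label, p] of [['question', QUESTION_POLICY], ['answer', ANSWER_POLICY]]) {
  const { directive } = effectiveScriptSources(p);
  console.log(`${label}: eval governed by ${directive}, allowed=${allowsEval(p)}`);
}
```

Running the same check over a manifest during review makes it easy to flag any policy where `'unsafe-eval'` has been enabled for scripts.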