0

I have an extension, which uses Bootstrap.js. When user clicks extension icon, in my content script I make some calculations and then open up a bootstrap modal window with an iframe inside. Iframe always points at one domain which works over https and I want user work with this site inside iframe.

Now it works perfectly with http-sites and sometimes it works with https-sites also, but usually I get errors like

Refused to frame 'https://mysite.com' because it violates the following Content Security Policy directive: "default-src http://examplecom https://example.com" or Refused to frame 'https://mysite.com' because it violates the following Content Security Policy directive: "frame-src 'none'.

Is there any solution to make it work?

Update: manifest.json

   {
    "name": "MyExtension",
    "version": "1",
    "description": "My chrome extension",
    "browser_action": {
        "default_popup": "popup.html"
    },
    "content_scripts": [{
        "matches": ["http://*/*", "https://*/*"],
        "css": [
            "style.css"
        ],
        "js": [
            "bower_components/jquery/dist/jquery.js",
            "bower_components/bootstrap/dist/js/bootstrap.js",
            "content.js"
        ],
        "all_frames": true
    }],
    "permissions": [
        "activeTab",
        "https://127.0.0.1:8443/"
    ],
    "manifest_version": 2

    }
jenush
  • 173
  • 1
  • 1
  • 6
  • @rob-w sorry, didn't see this question before, and it really helped. But I have one more question, is it possible to send message from content.js to frame.html? I need source url in that frame to have GET parameters which I calculate in content script – jenush Nov 10 '14 at 05:10
  • You could add data to the iframe URL (e.g. `frame.html?whateverdata`) or use `window.postMessage`. Both could be spoofed by the page, so if that is concerning, then you send a message to the background page, and upon receiving a reply, you insert the iframe which sends another message to the background. – Rob W Nov 10 '14 at 09:25

0 Answers0