I have a problem which took a lot of my time and I could not fix it. I am creating a Google Extension which is calling my external php site and loads the content into the popup.html. I want to call an onclick event inside the PHP file. I already outsourced all my Javascript to other files and so on, even tried the sha256-base64 hash whitelisting method in the manifest.json. But just no success. I do not even calling a explixit JS function and is already throwing me the issue.
<button type="button" >Close</button>
When I have this piece of content in my PHP, no problem. As soon as I am adding the onclick event without even calling a function like:
<button type="button" onclick="">Close</button>
it instantly quit on me and throws me this lovely issue:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'sha256-u4fpnyicwKzED/rrGkvPelaHaL8QpPK1JvQxbQ8iCg4=' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution
I am clueless. Anyone has any idea? Already tried everything I found. No success.
