1

We are trying to load the script src='https://apis.google.com/js/platform.js' into our Chrome extension in order to access gapi (Google API). However, whenever we have <script src='https://apis.google.com/js/platform.js'></script> in our html file, we repeatedly get this error:

Refused to load the script 'https://apis.google.com/js/platform.js' because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."

We have tried several of the solutions from this StackOverflow Post, however none of them seemed to work. We are just trying to access the gapi library in order to search for YouTube videos.

EDIT: Here is our mainfest.json. "https://apis.google.com/js/" includes gapi that we are trying to include.

{
  "manifest_version": 2,
  "name": "Extension",
  "version": "0.1.0",
  "description": "Extension description",
  "browser_action": {
    "default_popup": "popup.html",
    "default_icon": {
        "16": "images/icon16.png",
        "24": "images/icon24.png",
        "32": "images/icon32.png"
    }
  },
    "content_scripts": [{
      "js": ["popup.js"],
      "matches": ["https://apis.google.com/js/"]
    }]
}

Any ideas on why this is? Thank you for the help!

tennis25
  • 99
  • 1
  • 2
  • 12
  • Show your manifest.json, specifically `content_security_policy`. Also make sure you've reloaded the extension on chrome://extensions page after editing manifest.json. – wOxxOm Jan 31 '21 at 06:33
  • @wOxxOm Thank you for your response! We have added the manifest.json above. – tennis25 Feb 01 '21 at 01:37
  • You have a violation message `...because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem:"`, it means your app uses non-default CSP. But I do not see [`content_security_policy` key](http://csplite.com/csp268/#default_CSP) in your web manifest. Is it your full web manifest? – granty Feb 02 '21 at 08:27

0 Answers0