0

I'm building a chrome extension that loads add-ons to a browser game. The html/javascript is like this

      <script>
          function loadMod() {
            Game.LoadMod('link')
          }
          etc...

      </script>

      <button onclick = loadMod()>Load Mod</button>

A change to the content_security_policy is needed to do this, so I added this to the manifest.json file.

"content_security_policy": "script-src 'self' 'sha256-hashOfEverythingInScriptTags'; object-src 'self'",

(other settings)

When I attempt to load the chrome extension, I get an error that there is an invalid value for content_security_policy. I checked the documentation and it seems like it should work, I'm wondering what I'm doing wrong.

Sam Fondacaro
  • 48
  • 6
  • 1
    The documentation is broken, use [the migration guide](https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#content-security-policy) instead. The CSP is now an object. – wOxxOm Jun 24 '21 at 18:03
  • @wOxxOm Thank you for the answer, I have this other thing I can't figure out. How would I add the url https://orteil.dashnet.org/cookieclicker/ to my permissions? I can't figure out how to format it properly – Sam Fondacaro Jun 25 '21 at 00:09
  • Loading external code is forbidden in ManifestV3 by design. You'll have to download all scripts, include them in the extension's directory, then run them just like you run your own extension scripts. – wOxxOm Jun 25 '21 at 03:43
  • @wOxxOm I figured out a good way to do it, thanks for the help. While I have you, everything is working except one thing. I'm loading the mod with the game's built in method, Game.LoadMod('link'). However, when the code is injected into the page, it doesn't recognize the Game object. Do you know how I can fix this? – Sam Fondacaro Jun 25 '21 at 03:47
  • See [Use a content script to access the page context variables and functions](https://stackoverflow.com/a/9517879) – wOxxOm Jun 25 '21 at 04:01

0 Answers0