1

I am creating a Chrome-extension and I want to inject a Javascript file in DOM from content.js file , But after injecting JS file I am getting Cross-Origin Read Blocking (CORB) blocked cross-origin response https://raw.githubusercontent.com/avinashiitb/bookmark-preview/main/injectScript.js

The idea behind to inject injectScript.js is to write a custom event in DOM and pass that event to content.js script

Manifest.Json

{
   "manifest_version": 2,
   "name": "Preview & Bookmark",
   "author": "Aviansh",
   "version": "0.001",
   "content_scripts": [
       {
           "matches": ["*://*/*"],
           "js": [
               "content.js"
           ],
           "css": [
               "style.css"
           ]
       }
   ],
   "background": {
       "scripts": [
           "background.js"
       ]
   },
   "web_accessible_resources": [
       "inject-script.js"
   ],
   "browser_action": {},
   "permissions": [
       "storage",
       "*://*/*"  
   ]
}

Content.js

function injectScript(file_path, tag) {
    var node = document.getElementsByTagName(tag)[0];
    var script = document.createElement('script');
    script.setAttribute('type', 'text/javascript');
    script.setAttribute('src', file_path);
    node.appendChild(script);
}

injectScript("https://raw.githubusercontent.com/avinashiitb/bookmark-preview/main/injectScript.js", 'body');

injectScript.js

alert("Hi");
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Avinash A
  • 665
  • 1
  • 7
  • 22
  • The question was marked as duplicated with https://stackoverflow.com/questions/70981059/in-chrome-extension-getting-corb-error-on-injecting-external-script. That question was made ten years ago. Please remove the duplicated label. CORB's issue with the chrome extension has been far more complicated to fix since a year ago. So answers before a 2021 have no value – Sebastian Oscar Lopez Nov 05 '22 at 15:49
  • This specific question is an exact duplicate because of the goal for which the script is injected. This is not about general CORB problems. – wOxxOm Nov 05 '22 at 16:18

1 Answers1

0
  1. Download the script from the remote URL into your extension directory.
  2. Rename it to inject-script.js
  3. Run it as shown in method 1 here:
var s = document.createElement('script');
s.src = chrome.runtime.getURL('inject-script.js');
s.onload = function() {
    this.remove();
};
(document.head || document.documentElement).appendChild(s);
wOxxOm
  • 65,848
  • 11
  • 132
  • 136
  • This does not work since some years ago. Notice the questions ask how to fix the CORB (Cross-Origin Read Blocking) issue. This security was added since Chrome 72. – Sebastian Oscar Lopez Nov 05 '22 at 15:54
  • It works now just as it always did - to solve the specific goal of injecting in page context. This is not related to general problems with CORB. – wOxxOm Nov 05 '22 at 16:20