1

I'm trying to create a google extension and get events back from my calendar using google calendar API, following this JavaScript Quickstart . The problem is when I use the extension, the console gave back this error

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src-elem script-src 'self' https://apis.google.com https://accounts.google.com/gsi/client". Either the 'unsafe-inline' keyword, a hash ('sha256-pI/ySU4r4cVLaARgTBReFoMKXEWbRpEV8/bixrOT+MM='), or a nonce ('nonce-...') is required to enable inline execution.

And here is my manifest.json

{
  "name": "Custom Newtab",
  "description": "Personalized override of Chrome New Tab page.",
  "version": "1.0",
  "manifest_version": 2,
  "chrome_url_overrides": { "newtab": "bruh.html" },
  "oauth2": {
    "client_id": "__clientID__",
    "scopes": [
      "profile email",
      "https://www.googleapis.com/auth/contacts",
      "https://www.googleapis.com/auth/calendar",
      "https://www.googleapis.com/auth/calendar.readonly"
    ]
  },
  "content_security_policy": "script-src-elem script-src 'self' https://apis.google.com https://accounts.google.com/gsi/client; object-src 'self'",
  "permissions":  [
    "identity",
    "identity.email"
  ]
}

The bruh.html is exactly the same as this Step 1: Set up the sample.

What am I missing, and how can I solve this?

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Bach Tran
  • 63
  • 5
  • there are a number of questions already relating to this error message. https://stackoverflow.com/q/71471602/1841839 https://stackoverflow.com/q/66241793/1841839 https://stackoverflow.com/q/58652892/1841839 even this. https://github.com/google/google-api-javascript-client/issues/463 – Linda Lawton - DaImTo Jul 24 '22 at 18:24
  • I've read all but I can't seem to solve my problem. Can you explain to me more on how to solve this? – Bach Tran Jul 25 '22 at 05:27

0 Answers0