I'm trying to build a page action extension and need to load an external JavaScript library from the popup (it needs to come from the external domain so that the correct cookies are sent).
However I get this error message:
Refused to load script from 'http://api.flattr.com/js/0.6/load.js?mode=auto' because of Content-Security-Policy.
Is there any way around this?
Using scripts via plain HTTP is no longer allowed for security reasons. See this issue.
From linked page:
Yeah, we're no longer allowing insecure scripts in extensions. If you load a script over HTTP, an active network attacker can inject script into your extension, which is a security vulnerability.
One suggested solution is to link the scripts via HTTPS where possible. Another one is to include the script with the plugin itself.
