gpt4 book ai didi

google-chrome - 拒绝执行内联脚本,因为它违反了以下内容安全策略指令 : "script-src ' self'"

转载 作者:行者123 更新时间:2023-12-03 22:38:45 24 4
gpt4 key购买 nike

我正在为 Rss 阅读器创建一个 chrome 扩展,因为我收到了上述错误。请帮忙

manifest.json

{
"name": "Tutorialzine Extension",
"manifest_version": 2,
"version": "1.1",
"description": "Making your first Google Chrome extension.",
"icons": {
"128": "icon_128.png"
},
"web_accessible_resources": ["script.js", "https://query.yahooapis.com"],
"browser_action": {
"default_icon": "icon.png",
"default_popup": "tutorialzine.html"
},
"permissions": ["tabs", "<all_urls", "http://localhost/",
"http://*/*", "https://*/*", "https://query.yahooapis.com"],
"content_security_policy": "script-src 'self'; 'https://query.yahooapis.com';unsafe-inline; object-src 'self'"
}

script.js

$(document).ready(function () {

var query = "SELECT * FROM feed WHERE url='http://feeds.feedburner.com/Tutorialzine' LIMIT 2";

// Storing the seconds since the epoch in now:
var now = (new Date()).getTime() / 1000;

// If there is no cache set in localStorage, or the cache is older than 1 hour:
if (!localStorage.cache || now - parseInt(localStorage.time) > 1 * 60 * 60) {
$.get("yahoo.js", function (msg) {

// msg.query.results.item is an array:
var items = msg.query.results.item;
var htmlString = "";

for (var i = 0; i < items.length; i++) {
var tut = items[i];

// Extracting the post ID from the permalink:
var id = tut.guid.content.match(/(\d+)$/)[0];

// Looping and generating the markup of the tutorials:

htmlString += '<div class="tutorial">\
<img src="http://tutorialzine.com/img/posts/' + id + '.jpg" />\
<h2>' + tut.title + '</h2>\
<p>' + tut.description + '</p>\
<a href="' + tut.link + '" target="_blank">Read more</a>\
</div>';
}

// Setting the cache
localStorage.cache = htmlString;
localStorage.time = now;

// Updating the content div:
$('#content').html(htmlString);
}, 'json');
} else {
// The cache is fresh, use it:
$('#content').html(localStorage.cache);
}
}

jquery.min.js 中的错误:

jquery.min.js 包含内联脚本要做什么

parentNode:d.removeChild(d.appendChild(s.createElement("div"))).parentNode===null,deleteExpando:true,checkClone:false,scriptEval:false,noCloneEvent:true,boxModel:null};b.type="text/javascript";try{b.appendChild(s.createTextNode("window."+f+"=1;"))}catch(i){}a.insertBefore(b,a.firstChild);if(A[f]){c.support.scriptEval=true;delete A[f]}try{delete b.test}catch(o){c.support.deleteExpando=false}a.removeChild(b);if(d.attachEvent&&d.fireEvent){d.attachEvent("onclick",function k(){c.support.noCloneEvent=

最佳答案

我在使用 LinkedIn oAuth API 时也遇到过此类问题。

我正在使用带有以下 Cordova 设置的linkedIn API

config.xml

 <access origin="*" launch-external="yes"/>
<allow-navigation href="*" />

元标记是

 <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">

脚本

<script type="text/javascript" src="http://platform.linkedin.com/in.js"></script>

当我在模拟器上运行应用程序时

enter image description here

修复了将 uri 添加到元标记中的问题 http://platform.linkedin.com喜欢

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://platform.linkedin.com ">

关于google-chrome - 拒绝执行内联脚本,因为它违反了以下内容安全策略指令 : "script-src ' self'",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17653384/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com