【发布时间】:2018-05-21 00:15:53
【问题描述】:
我正在尝试向 Sec Gov 页面制作简单的 XMLHTTPRequest。
Refused to connect to 'https://www.sec.gov/cgi-bin/browse-edgar?CIK=LEL&Find=Search&owner=exclude&action=getcompany&count=100' because it violates the following Content Security Policy directive: "connect-src *://localhost:3000 https://www.sec.gov/*".
render @ TickerTableInfo.js?420e:36
使用React redux chrome extension boilerplate
manifest.json 看起来像这样。
{
"version": "0.0.0",
"name": "react-chrome-extension-example",
"manifest_version": 2,
"description": "Example for react-chrome-extension-boilerplate",
"browser_action": {
"default_title": "React Chrome Extension Example",
"default_popup": "popup.html"
},
"icons": {
"16": "img/icon-16.png",
"48": "img/icon-48.png",
"128": "img/icon-128.png"
},
"web_accessible_resources": [
"inject.html"
],
"background": {
"page": "background.html"
},
"permissions": [ "contextMenus", "management", "tabs", "storage", "https://github.com/*", "https://www.sec.gov/*" ],
"content_security_policy": "default-src 'self' https://www.sec.gov/*; script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'; connect-src *://localhost:3000 https://www.sec.gov/*; style-src * 'unsafe-inline' 'self' blob:; img-src 'self' data:;"
}
【问题讨论】:
-
从 CSP 字符串中删除所有
/*。
标签: google-chrome-extension xmlhttprequest