In my crossrider extension I am adding remote JS on gmail page using following api.
appAPI.dom.addRemoteJS({
url: "https://myserver.com/JS/myJs.min.js",
additionalAttributes: {charset: "UTF-8"},
callback: function(ref) {
}
This was a working extension code. Due to gmail's content security policy , code has stopped working and giving following message in firefox: Content Security Policy: The page's settings blocked the loading of a resource at https://myserver.com/JS/myJs.min.js (script-src )
Is there any workaround to load js from remote url.
Looks like a CSP protection issue. You can try working around the issue by injecting the script instead, e.g.
appAPI.request.get({
url: 'https://myserver.com/JS/myJs.min.js';,
onSuccess: function(result) {
var s = document.createElement('SCRIPT');
s.type = 'text/javascript';
s.charset = 'UTF-8';
s.text = result;
document.head.appendChild(s);
}
});
[Disclosure: I am a Crossrider employee]