I'm trying to add the sharethis buttons to popup.html and the following errors appear:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.sharethis.com". Either the 'unsafe-inline' keyword, a hash ('sha256-9kQ6Bjy+HAjxIkWKadVLttYAH2WuOVEKCHY7pnlgMz0='), or a nonce ('nonce-...') is required to enable inline execution.
This is my conf: "content_security_policy": "script-src 'self' 'unsafe-eval' https://*.sharethis.com; object-src 'self'"
has anyone managed to get those buttons appear?
thanks
unsafe-eval is used for relaxing eval functions, like setTimeout(String), setInterval(String) and new Function(String).
unsafe-inline would have no effect, according to Official Guide,
Up until Chrome 45, there was no mechanism for relaxing the restriction against executing inline JavaScript. In particular, setting a script policy that includes 'unsafe-inline' will have no effect.
And for Chrome > 46,
inline scripts can be whitelisted by specifying the base64-encoded hash of the source code in the policy. This hash must be prefixed by the used hash algorithm (sha256, sha384 or sha512). See Hash usage for elements for an example.