javascriptgoogle-chrome-extensionjsoneditor

Scripts not getting loaded in the chrome extension


I checked the similar post How to set Content Security Policy in Chrome Extension Manifest.json in order for Firebase to work. I got the issue is related to CSP but however whats the policy I need to set is what I didn't get unfortunately.

I built a chrome extension which uses jsoneditor and that dependency creates this issue. When running the extension I am getting the following exception

Refused to load the script 'data:application/javascript;base64,....' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

and

Uncaught DOMException: Failed to execute 'importScripts' on 'WorkerGlobalScope': The script at 'data:application/javascript;base64,......' failed to load. at blob:chrome-extension://nlgocoglacibgkjnhaahkmepblhmelcp/765c13cb-44d4-480c-a6b1-29527766ae5e:1:1

In the SO question mentioned above urls like

https://cdn.firebase.com https://*.firebaseio.com; are included in content_security_policy.

In my example the script is not loaded from outside domain. How to set the right content_security_policy in this case?


Solution

  • The solution to the problem is the addition of script-src-elem 'self' data: blob:; in the content_security_policy in the manifest.json file.

    Mine looks like the following,

    "content_security_policy": "script-src 'self'; script-src-elem 'self' data: blob:; worker-src 'self' data: blob:; object-src 'self'"