Problem about content-security-policy - Collection of common programming errors


  • sgrove
    google-chrome-extension firebase content-security-policy
    I’m trying to use Firebase in a Chrome extension background page, but it looks like it’s executing inline-scripts, which isn’t allowed because of security concerns. I’ve currently set the CSP to: {"content_security_policy": "script-src 'self' https://cdn.firebase.com https://<my-subdomain>.firebaseio.com; object-src 'self'"} I’m able to load the initial Firebase script, but upon calling new Firebase('my-firebase-url'), I get the following error: Refused to execute inline script because it viol

  • Josh Lee
    google-chrome-app mathjax content-security-policy
    I am trying to use MathJax in a Chrome Packaged app. It is not loading at all, giving the following error: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". How can I make it work? EDIT: It is showing this line to be the problem in the library: var CONSTRUCTOR = function () {return new Function ("return arguments.callee.Init.call(this,a

  • Mike West
    javascript onload content-security-policy
    Do not understand the effect of the policy I specify at my site http://pcrypt.org/dev/groups.php. header("X-Content-Security-Policy: allow 'self'; img-src *; script-src 'self'; frame-src 'self'; style-src 'self';"); If I disallow inline scripts, how do I then call a function? In the page I have tried to call a function located in a js file on the server from onload (body onload='initialize()') but it generates this error (sorry, in Danish): Advarsel: CSP: Directive "inline script base restriction"
