All geek questions in one place

Dart Polymer Paper with Chrome App - (inline script CSP problems)

I am trying to use a dart package for a paper element and it works well when I launch it as a web page, but I have several CSPs when I launch it as a Chrome batch application . All of them belong to the built-in script of the package, and the user element is not displayed:

An inline script was denied because it violates the following content security policy directive: "default-src" self 'chrome-extension-resource: ". To enable inline execution, either the" insecure-inline "keyword or a hash (" sha256 - ... "), or nonce (" nonce -... "). Also note that 'script -src' was not explicitly installed, so 'default-src' is used as a backup. core-icon.html: 43

  • Has anyone used a dart paper item successfully in a chrome packaged app?
  • Is there any way to disable this csp from manifest?

Here is my sample project

+4
source share
2 answers

I had the same problem.

Short answer: "Use Grunt vulcanization, https://www.npmjs.org/package/grunt-vulcanize

Vulcanize extract inline javascript for external javascript file (.js). How to use here, https://github.com/polymerlabs/polymerchromeapp

Elements of paper paper do not have built-in javascript (couse, they are transferred to the dart.). But the problem lies in the polymer core, paper elements. See https://github.com/dart-lang/paper-elements/tree/master/lib/src

They still have built-in javascript. and they cause the CSP problem.

+1
source

I thought I read that this setting was removed from Polymer, but the README package still shows it

https://pub.dartlang.org/packages/polymer

transformers:
- polymer:
    entry_points:
    - web/index.html
    - web/index2.html
    csp: true

( ) https://code.google.com/p/dart/issues/detail?id=18011

Polymer.js , HtmlImports polyfill , . , .

+4

Source: https://habr.com/ru/post/1547496/

More articles:


All Articles