All geek questions in one place

How to load external javascript inside extension popup

I am trying to create an extension of an action on a page and I need to load an external JavaScript library from a pop-up window (it must come from an external domain in order to send the correct cookies).

However, I get this error message:

Failed to load script from 'http://api.flattr.com/js/0.6/load.js?mode=auto' due to Content-Security-Policy.

Is there any way around this?

+6
source share
1 answer

Scripting over plain HTTP is no longer allowed for security reasons. See this problem .

From the linked page:

Yes, we no longer allow unsafe scripts in extensions. if you download the script via HTTP, an active network attacker could inject the script into your extension, which is a security vulnerability.

One suggested solution is to link scripts using HTTPS where possible. Another is to include a script with the plugin itself.

+2
source

Source: https://habr.com/ru/post/903609/

More articles:


All Articles