In the "Migrating to Manifest v3" article, it says that the directives, one of them being script-src, may have "only the following values" which then goes on to list "self" however I used that in my code and I still got the error "
'content_security_policy.extension_pages': Insecure CSP value "https://js.pusher.com/4.2/pusher.min.js" in directive 'script-src'."
{
"manifest_version": 3,
"name": "Real-time NFL score",
"version": "1.0",
"description": "A simple Chrome extension to simulate the NFL scores in real-time",
"content_security_policy": {
"extension_pages": "script-src 'self' https://js.pusher.com/4.2/pusher.min.js https://stats.pusher.com; object-src 'self'"
},
"action": {
"default_icon": "./img/icon.png",
"default_popup": "popup.html"
},
"permissions": ["notifications", "activeTab"]
}
Related
This is my manifest file -
{
"manifest_version": 3,
"name": "Title",
"version": "1.0",
"description": "Description",
"action": {
"default_title": "Title",
"default_popup": "popup.html"
},
"content_security_policy": {
"script-src": [
"'self'",
"https://use.fontawesome.com/9cd1c736ac.js"
],
"object-src": "self"
},
"web_accessible_resources": [
{
"resources": [
"botScript.js"
],
"matches": [],
"extension_ids": []
}
],
"icons": {
"16": "icons/icon16.png",
"32": "icons/icon32.png",
"48": "icons/icon48.png",
"128": "icons/icon128.png"
}
}
The following is for manifest version-2 and doesn't work for version-3:
"content_security_policy": "script-src 'self' https://example.com ; object-src 'self'",
And I have tried the following variations as well -
"content_security_policy": {
"script-src": "'self' https://use.fontawesome.com/9cd1c736ac.js",
"object-src": "self"
}
"content_security_policy": {
"script-src": "self",
"script-src-elem": "https://use.fontawesome.com/9cd1c736ac.js",
"object-src": "self"
},
The documentation says
Manifest V3 does not allow remote URLs in script-src of extension_pages.
So, does this mean, we can't use any external script in V3 at all?
Also, I get the following error:
Refused to load the script 'https://use.fontawesome.com/9cd1c736ac.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
You are not allowed to reference an external JavaScript in the Manifest V3 Chrome extension. If you publish it to the Chrome Web Store, the team will reject that update.
In Manifest V3, all of your extension's logic must be included in the
extension. You can no longer load and execute a remotely hosted file.
Source: https://developer.chrome.com/docs/extensions/mv3/mv3-migration/#:~:text=In%20Manifest%20V3%2C%20all%20of%20your%20extension%27s%20logic%20must%20be%20included%20in%20the%20extension.%20You%20can%20no%20longer%20load%20and%20execute%20a%20remotely%20hosted%20file.
im trying to create a chrome extension for my company's web app, but upon reading the docs i couldnt find any permission or chrome api that allows a chrome extension to access the webcam, all i could see were permissions to record screens. is there anyway a chrome extension can access a users webcam? or i would have to look for other means.
my manifest.json:
{
"name": "Intaclips",
"description": "Intaclips chrome extension for intaviewer",
"version": "0.1.0",
"manifest_version": 2,
"icons":{
"19": "./icons/icon-19.png",
"32": "./icons/icon-32.png",
"48": "./icons/icon-48.png",
"128": "./icons/icon-128.jpg"
},
"background": {
"scripts": ["./background.js"]
},
"options_page": "./options.html",
"browser_action": {
"default_popup": "popup.html"
},
"permissions": [
"tabs",
"unlimitedStorage",
"activeTab",
"clipboardWrite",
"cookies",
"storage",
"https://www.app.intaviewer.com/*",
"https://www.google.com/*",
"https://www.linkedin.com/*"
],
"content_security_policy": "script-src 'self' https://static.opentok.com/v2/js/opentok.min.js; object-src 'self'"
}
Help in solving this issue will be well appreciated
I think you have to use a third party library like "p5.js"
I have background JS script, has written on Angular 2. When I run extension I have got this permission notification:
compiler.js:34069 Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:".
manifestfile is:
{
"manifest_version": 2,
"name": "Getting started example",
"description": "This extension allows the user to change the background color of the current page.",
"version": "1.0",
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "index.html",
"default_title": "Click here!"
},
"permissions": [
"activeTab",
"storage"
]
}
Which changes I should do?
Is it possible to open your chrome extension on a new tab? I would like to be able to create a chrome browser that has same approach like the bookmark manager. See figure 1.0 below
I would like my application to like/have an address
chrome://personalize_calendar_stuff
is that possible? I can't find on the manifest references.
Thanks to #wOxxOm for giving me an idea.
I added this script on my index.js
chrome.browserAction.onClicked.addListener(function(){
chrome.tabs.create({url: "main.html"});
})
and on below is an example of manifest file I used.
{
"name" : "Testing Chrome",
"version": "1.0",
"background":
{
"scripts": ["index.js"]
},
"description": "A testing example app",
"permissions":[
"tabs",
],
"content_security_policy": "script-src 'self'; object-src 'self'",
"browser_action": {
"default_title": "testing chtome",
"default_icon": "icon.png"
},
"manifest_version": 2
}
I've made a Chrome extension and set a browser_action in my manifest. This puts a little icon in the browser bar, and then clicking that runs background.js which opens the app in a new tab.
However, I notice that on the web store, my app icon is listed inside a little jigsaw piece, and it doesn't appear on the Chrome New Tab page like other 'apps' I've installed.
Do I need to set something specific in my manifest.json file for it to be listed as an 'app' instead of an extension? Is there any benefit to even making it an app apart from removing the jigsaw piece and having it listed on the new tab page?
Here's my manifest.json file:
{
"manifest_version": 2,
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
"name": "Super Simple Tasks",
"description": "A very simple tasks app that uses localStorage.",
"version": "1.1",
"icons": {
"16": "img/icon16.png",
"48": "img/icon48.png",
"128": "img/icon128.png"
},
"permissions": [
"tabs",
"storage"
],
"offline_enabled": true,
"background": {
"scripts": ["background.js"]
},
"browser_action": {
"default_icon": "img/icon19.png",
"default_title": "Super Simple Tasks"
}
}
You need to specify that it is an app:
"app": {...},
This will explain how to format your manifest: https://developer.chrome.com/trunk/apps/manifest.html