search

ebrehault / resurrectio

CasperJS test recorder Chrome extension
GNU General Public License v2.0
721 stars 106 forks source link

The script "violates the following Content Security Policy directive" #1

Closed j0k3r closed 12 years ago

j0k3r commented 12 years ago

When I enter the url and click on a button I got this error :

Refused to execute inline script because it violates the following Content Security Policy directive: 
"script-src 'self' chrome-extension-resource:".

I'm using Chrome 21.0.1155.2 dev-m on Windows XP.

ebrehault commented 12 years ago

I will try to run it on my WinXP VM and see.

ebrehault commented 12 years ago

ok, apparently it is related to the manifest version, as in https://github.com/ebrehault/resurrectio/issues/2 so it should be fixed now

Try it please.

ebrehault commented 12 years ago

I have tested. I confirm it is fixed.

lyricat commented 12 years ago

Hey dude, you just change manifest version from 2 to 1. however, chrome will deprecated the version 1 recently.

lyricat commented 12 years ago

FYI: http://code.google.com/chrome/extensions/contentSecurityPolicy.html

ebrehault commented 12 years ago

oh, too bad ok let's see how to fix that

lyricat commented 12 years ago

I am facing the same problem. In my project, I have to load scripts from extension package dynamically. But it seems new content security policy block the approach and have no idea to bypass. :(

ebrehault commented 12 years ago

actually version 1 will be supported until third quarter 2013: http://code.google.com/chrome/extensions/manifestVersion.html

and apparently, version 2 is not recommended for Chrome 17 or lower http://code.google.com/chrome/extensions/manifest.html

so I guess we need to stick with version 1 for now, no ?

lyricat commented 12 years ago

the current version of Chrome stable is v19 ... so ...

ebrehault commented 12 years ago

I use version 18. What does actually happen when using 19 ? A deprecation warning message ?

lyricat commented 12 years ago

I don't know. I use Chrome 21. it prompts a warning for it.

ebrehault commented 12 years ago

ok well I will try to find a way to make manifest version 2 work properly I have split HTMl and js, but apparently that's not enough...

lyricat commented 12 years ago

Hi, I have removed all inline-script in HTML, and a patch from @darkraven resolved my problem.

FYI: https://github.com/shellex/Hotot/commit/e725f5796c85ce84056c3769d954c33a6f636b07

ebrehault commented 12 years ago

thanks Actually, I did not realized inline-script had also to be removed from the pop-up. It works now.