Loading Profile...
Hello,
In the last week or so, I started getting this error on Facebook page with Chrome extension (ExtScriptText staging ID 22121):
Refused to connect to 'http://code.jquery.com/jquery-1.8.3.m...' because it violates the following Content Security Policy directive: "connect-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.spotilocal.com:* https://*.akamaihd.net ws://*.facebook.com:* http://*.akamaihd.net".
I don't get this error on google.com or other sites on Chorme I have tried. The extension loads script just fine on Firefox. How do I fix or get around this error?
Thanks in advance.
Help get this topic noticed by sharing it on
Twitter,
Facebook, or email.
Twitter,
Facebook, or email.
Facebook with Chrome error: Refused to connect to ... (loading script)
-
EMPLOYEE
1Vinay,
This is happening due to the HTML5 CSP policy which facebook started implementing.
(http://www.html5rocks.com/en/tutorial...)
Instead of injecting the script from the server you will need to either fetch the code as text and inject or uses resources API:
appAPI.request.get("http://yourdomain.com/script.js", function(text) {
appAPI.dom.addInlineJS(text)
});
OR:
>> appAPI.resources.includeJS("resource.js"); // this will fetch the code from resources and use dom.addInlineJS();
Also, I've seen in my tests that this HTML5 policy is being respected currently only by Chrome and not yet by other browsers.Comment -
-
Shmueli,
Thanks for explaining that. Is there a work around for JSONP (which uses the same script load method) as well?
Thanks again. -
-
-
-
Thanks Brian, Firefox also seems to have similar support (although it isn't needed at the moment)
https://developer.mozilla.org/en-US/d... -
