简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Q&A  >  body text

Violation of Content Security Policy directive: Inline script does not comply with the "script-src 'self'" specification

<p>I use <code>react-create-app</code> to build my Chrome extension. When I use <code>npm run build</code> in react-create-app, I get the following error: </p> <blockquote> <p>Execution of the inline script is denied because it violates the following Content Security Policy directive: "script-src 'self'". To enable inline execution, use the "unsafe-inline" keyword, a hash ('sha256-5='), or a one-time nonce ('nonce-...'). </p> </blockquote> <p>Error in<code>index.html</code></p> <pre class="brush:php;toolbar:false;"><!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="theme-color" content="#000000" /> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" /> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va PmSTsz/K68vbdEjh4u" crossorigin="anonymous" /> <!-- Manifest.json provides metadata that is used when your web application is installed on a user's mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/ --> <link rel="manifest" href="%PUBLIC_URL%/manifest.json" /> <!-- Note the use of %PUBLIC_URL% in the tag above. During the build process it will be replaced with the URL of the `public` folder. Only files in the `public` folder can be referenced from HTML. Unlike "/favicon.ico" or "favicon.ico", "%PUBLIC_URL%/favicon.ico" will work correctly on client routes and non-root public URLs. Run `npm run build` to learn how to configure non-root public URLs. --> <title>React App</title> </head> <body> <noscript>You need to enable JavaScript to run this application. </noscript> <div id="root"></div> <!-- This HTML file is a template. If you open it directly in your browser, you will see a blank page. You can add web fonts, meta tags or analytics in this file. The build step will put the bundled scripts into `` tags. To start development, run `npm start` or `yarn start`. To create a production bundle, use `npm run build` or `yarn build`. --> </body> </html></pre> <p><strong>manifest.json</strong></p> <pre class="brush:php;toolbar:false;">{ "manifest_version": 2, "name": "IC Project chrome extension", "description": "This extension is a starting point to create a real Chrome extension", "version": "0.0.1", "browser_action": { "default_popup": "index.html", "default_title": "Open the popup" }, "icons": { "16": "assets/icon-128.png", "48": "assets/icon-128.png", "128": "assets/icon-128.png" }, "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'" }</pre> <p><br /></p>
P粉276064178P粉276064178432 days ago515

reply all(1)I'll reply

  • P粉447785031

    P粉4477850312023-08-16 13:58:19

    After a few frustrating hours, I found a solution that works. Running scripts differs between Mac and PC. A lot of the answers I found had the difference with "set" and without "set". Some with "&&", some without... but none of them work for me.

    In short: use the "cross-env" npm package like this: 

    cross-env INLINE_RUNTIME_CHUNK=false react-scripts build

    This works on PC, probably on Mac too. Of course, you need to npm install --save-dev cross-env before doing this.

    reply
    0
  • Cancelreply