Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP issues on Chrome 130+ #23

Open
MJBlack9000 opened this issue Dec 11, 2024 · 2 comments
Open

CSP issues on Chrome 130+ #23

MJBlack9000 opened this issue Dec 11, 2024 · 2 comments

Comments

@MJBlack9000
Copy link

When loading blank.org I'm greeted with a blank page and a console error:

content-script-loader.main.tsx.js:7 Refused to load the script 'chrome-extension://34ce7500-db6a-4957-a6e7-4b14953e21d6/assets/main.tsx-M-XeBlDr.js' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Workaround:
set "use_dynamic_url": false in dist/manifest.json

As far as I've gathered, there's no simple way to just tell crxjs to set "use_dynamic_url" to false. But I could be wrong, and I only did limited amount of research

Some helpful references:
crxjs/chrome-extension-tools#918
pnd280/complexity#7

P.S. Thank you for this project. A very useful out-of-the-box solution, nvm the bug above.
@MJBlack9000
Copy link
Author

MJBlack9000 commented Dec 11, 2024
edited
Loading

The quickest fix I could come up with [after trying a bunch of things with Vite's plug-ins & unsuccessfully following your HackIssue846 example], the quickest fix I came up with is to modify package.json's build:
"build": "tsc && vite build && sed -i 's/\"use_dynamic_url\": true/\"use_dynamic_url\": false/g' dist/manifest.json",
Obviously, this will only work on Unixes and even there - there might be some compatibility options between sed builds. But it works well for me on Linux.

@sage31
Copy link

sage31 commented Dec 15, 2024

Thanks MJ, heres a platform agnostic solution for windows users too

Inside update-manifest.js (in root directory)

import fs from "fs";
import path from "path";
const __dirname = import.meta.dirname;

const manifestPath = path.join(__dirname, "dist", "manifest.json");
const manifest = fs.readFileSync(manifestPath, "utf8");
const updatedManifest = manifest.replace(
  '"use_dynamic_url": true',
  '"use_dynamic_url": false'
);
fs.writeFileSync(manifestPath, updatedManifest, "utf8");
console.log("Updated manifest.json");

Inside package.json modify script:
"build": "tsc && vite build && node update-manifest.js",

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MJBlack9000 @sage31