I am trying to add a FullStory to my extension.
index.tsx:
import * as React from "react";
import * as ReactDOM from "react-dom/client";
import * as FullStory from '#fullstory/browser';
import { MemoryRouter as Router, Routes, Route } from "react-router-dom";
import App from "./App";
FullStory.init({ orgId: 'my-id' });
const container = document.getElementById("root");
if (!container) throw new Error("Failed to find the root element");
const root = ReactDOM.createRoot(container);
root.render(
<React.StrictMode>
<Router>
<Routes>
<Route path="/*" element={<App />} />
</Routes>
</Router>
</React.StrictMode>
);
manifest.json:
{
"name": "My Extension",
"description": "My Extension",
"version": "1.0",
"manifest_version": 3,
"action": {
"default_popup": "index.html",
"default_title": "Open the popup"
},
"background": {
"service_worker": "./static/js/background.js"
},
"permissions": [
"storage",
"activeTab",
"tabs",
"identity",
"idle",
"management",
"notifications",
"power",
"topSites",
"webNavigation",
"webRequest",
"alarms"
],
"host_permissions": ["https://example.com/*"],
"icons": {
"16": "logo192.png",
"48": "logo192.png",
"128": "logo192.png"
},
"content_security_policy": {
"extension_pages": "script-src 'self'; script-src-elem 'self' https://edge.fullstory.com/s/fs.js; object-src 'self'"
}
}
It works when I run it in dev mode as a web page but when I run it as an extension I get an error:
Refused to load the script 'https://edge.fullstory.com/s/fs.js' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
How can I fix it?
Related
I am trying to convert from MV2 to MV3 and I am getting this error from the service worker error logs:
Service worker registration failed
Uncaught ReferenceError: Worker is not defined
Here is my MV3 settings:
`{
"manifest_version": 3,
"name": "Blah",
"description": "Blah",
"version": "1.0.0",
"minimum_chrome_version": "93",
"action": {
"default_icon": "logo.png",
"default_popup": "popup.html"
},
"background": {
"service_worker": "js/background.js"
},
"content_scripts": [
{
"matches": ["file://*/*", "http://*/*", "https://*/*"],
"js": ["js/content.js"],
"run_at": "document_start",
"all_frames": true
}
],
"icons": {
"16": "icon-16.png",
"48": "icon-48.png",
"128": "icon-128.png"
},
"content_security_policy": {
"extension_pages": "script-src 'self'; object-src 'self'; worker-src 'self'"
},
"permissions": [
"scripting",
"clipboardWrite",
"tabs",
"activeTab",
"notifications",
"webRequest",
"proxy",
"storage",
"unlimitedStorage",
"alarms"
],
"host_permissions": [
"http://*/",
"https://*/",
"<all_urls>"
],
"web_accessible_resources": [
{
"resources": ["js/injected.js"],
"matches": ["*://*/*"]
}
]
}`
And here is the backgound script:
import { browser } from "webextension-polyfill-ts";
import { Request } from "#src/types";
import Extension from "./extension";
const app: Extension = new Extension();
try {
app.initialize().then(async () => {
// eslint-disable-next-line #typescript-eslint/no-unused-vars
browser.runtime.onMessage.addListener(async (request: Request, _) => {
try {
const res = await app.handle(request);
return [null, res];
} catch (e: any) {
return [e.message, null];
}
});
} catch (error) {
console.log("Error in backgound!!1");
}
Is there any missing configs in the background script or the MV3 json file?
It is an old bug when using nested web-worker with chrome extensions which is not supported yet: https://bugs.chromium.org/p/chromium/issues/detail?id=31666
I found the solution here: https://stackoverflow.com/a/33991381/9058556
It was simply installing https://github.com/dmihal/Subworkers package and importing it in my background.js script at the top.
Thanks #norio-yamamoto for trying to help me with this.
I'm developing a cross-browser extension which works in Chrome but not in Firefox - the background script is not loading.
I tried console.log in background.js and sending a message to the content script and logging message there.
background.js
browser.action.onClicked.addListener(async function (tab) {
console.log("clicked on extension icon");
browser.tabs.sendMessage(tab.id, { text: "toggle_overlay" })
});
js/content.js
...
browser.runtime.onMessage.addListener(function (msg, sender, sendResponse) {
console.log("message received", msg)
});
Content script works as expected on all code that's not depended on background.js
Folder structure
manifest.json (had to downgrade to v2 because Firefox doesn't support v3 yet)
{
"name": "Dev Mode",
"description": "Dev Mode",
"version": "0.0.1",
"manifest_version": 2,
"icons": {
"16": "./imgs/icon-16-dark.png",
"48": "./imgs/icon-48.png",
"128": "./imgs/icon-128.png"
},
"permissions": [
"activeTab",
"contextMenus",
"bookmarks",
"scripting",
"storage",
"<all_urls>"
],
"background": {
"scripts": ["background.js"],
"persistent": false // <-- also tried without, same result - background script doesn't lod
},
"browser_action": {
"default_icon": "./imgs/icon-16-dark.png",
"default_title": "Default Title"
},
"commands": {
"save-page": {
"suggested_key": {
"default": "Ctrl+Shift+S",
"mac": "Command+Shift+S"
},
"description": "some description"
}
},
"content_security_policy": "script-src 'self'; object-src 'self'; sandbox allow-scripts; script-src 'self' https://apis.google.com https://www.gstatic.com https://www.googleapis.com https://securetoken.googleapis.com; object-src 'self'",
"web_accessible_resources": [ "imgs/*.png", "overlay.html"],
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": [
"/js/content.js"
],
"run_at": "document_end",
"all_frames": false
}
]
}
I'm testing the Firefox extension with web-ext run to test the extension locally.
The correct API for this in Manifest v2 is browserAction instead of action that is only available in MV3.
So to fix it, in your background.js, switch to
browser.browserAction.onClicked.addListener
browser.action in Firefox is available in MV3. Your extension uses MV2 i.e. "manifest_version": 2,
Note: This API is available in Manifest V3 or higher.
Note: MV3 support is very limited in Firefox at the moment.
After realizing about the delay that comes with having a hosting permission verified, I decided to it take out. My new manifest.json is:
{
"manifest_version": 2,
"name": "Daily",
"description": "Manage your calendars smarter!",
"content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'",
"version": "0.1.0",
"icons":{
"16": "logo-16.png",
"48": "logo-48.png",
"128": "logo-128.png"
},
"browser_action": {
"default_popup": "popup.html"
},
"web_accessible_resources": [
"scripts/audio_file.wav", "reminder.html"
],
"permissions": [
"storage",
"identity.email",
"tabs",
"https://www.example.com/yzs",
"https://www.example.com/xyz"
],
"background": {
"scripts": ["jquery-3.5.1.min.js", "background.js", "flipclock-min.js", "script.js"],
"persistent": false
}
}
Yet in the developer console I am required to justify why I am using hosting permission. I tried even starting a new process hoping it wouldn't ask anymore but nothing changed. Why is this?
I'm trying to implement firebase authentication for a chrome extension. I can sign in using email and password, but I can't get the social logins to work (google and facebook)
here is the error message:
Refused to load the script 'https://apis.google.com/js/api.js?onload=__iframefcb541553' because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
manifest.json
{
"manifest_version": 2,
"name": "...",
"description": "...",
"version": "0.0.0.1",
"icons": {},
"background": {
"scripts": [
"event.js"
],
"persistent": true
},
"permissions": ["tabs", "https://*/*","activeTab"],
"browser_action": {
"default_title": "...",
"default_popup": "popup.html"
},
"content_scripts": [
{
"matches": ["*://*/*"],
"css": [],
"js": ["content.js"]
}
],
"content_security_policy": "script-src 'self' https://apis.google.com; object-src 'self';"
}
signin
handleSocialLogin(provider) {
return () => {
auth
.signInWithPopup(provider)
.then(user => {
this.props.onUserChange(user)
localStorage.setItem('user', JSON.stringify(user))
})
.catch(error => this.setState({ error }))
}
}
Following is my manifest.json:
{
"name": "gitvote",
"version": "1.0",
"manifest_version": 2,
"description": "for git vote",
"icons": {
"128": "icons/icon.png"
},
"permissions": [
"https://github.com/*",
"https://gitlab.com/*",
"storage"
],
"optional_permissions": [
"<all_urls>"
],
"background": {
"scripts": [ "background.js" ],
"persistent": false
},
"content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'"
}
When I run it as a chrome extension, an error:
'Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAJd6ABIAAAABdegAAAAAAACWIAAAAVoAAAKDAAAAA…SYUnjpYfcSDw49uhYFPVe8dHZcYGS7Cfk4MMJ7zwjznvGw3PMA2Oo6+tf/wpSdPlSR/ADe7uPx' because it violates the following Content Security Policy directive: "font-src assets-cdn.github.com".' in manifest.json.1 occurs.
I don't understand why the error occurs in manifest.json.1.
Thank you.