Extension refused to load the font in manifest.json.1 - google-chrome-extension

Following is my manifest.json:
{
"name": "gitvote",
"version": "1.0",
"manifest_version": 2,
"description": "for git vote",
"icons": {
"128": "icons/icon.png"
},
"permissions": [
"https://github.com/*",
"https://gitlab.com/*",
"storage"
],
"optional_permissions": [
"<all_urls>"
],
"background": {
"scripts": [ "background.js" ],
"persistent": false
},
"content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'"
}
When I run it as a chrome extension, an error:
'Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAJd6ABIAAAABdegAAAAAAACWIAAAAVoAAAKDAAAAA…SYUnjpYfcSDw49uhYFPVe8dHZcYGS7Cfk4MMJ7zwjznvGw3PMA2Oo6+tf/wpSdPlSR/ADe7uPx' because it violates the following Content Security Policy directive: "font-src assets-cdn.github.com".' in manifest.json.1 occurs.
I don't understand why the error occurs in manifest.json.1.
Thank you.

Related

Why is the background script not loading on Firefox add-on (works on Chrome)?

I'm developing a cross-browser extension which works in Chrome but not in Firefox - the background script is not loading.
I tried console.log in background.js and sending a message to the content script and logging message there.
background.js
browser.action.onClicked.addListener(async function (tab) {
console.log("clicked on extension icon");
browser.tabs.sendMessage(tab.id, { text: "toggle_overlay" })
});
js/content.js
...
browser.runtime.onMessage.addListener(function (msg, sender, sendResponse) {
console.log("message received", msg)
});
Content script works as expected on all code that's not depended on background.js
Folder structure
manifest.json (had to downgrade to v2 because Firefox doesn't support v3 yet)
{
"name": "Dev Mode",
"description": "Dev Mode",
"version": "0.0.1",
"manifest_version": 2,
"icons": {
"16": "./imgs/icon-16-dark.png",
"48": "./imgs/icon-48.png",
"128": "./imgs/icon-128.png"
},
"permissions": [
"activeTab",
"contextMenus",
"bookmarks",
"scripting",
"storage",
"<all_urls>"
],
"background": {
"scripts": ["background.js"],
"persistent": false // <-- also tried without, same result - background script doesn't lod
},
"browser_action": {
"default_icon": "./imgs/icon-16-dark.png",
"default_title": "Default Title"
},
"commands": {
"save-page": {
"suggested_key": {
"default": "Ctrl+Shift+S",
"mac": "Command+Shift+S"
},
"description": "some description"
}
},
"content_security_policy": "script-src 'self'; object-src 'self'; sandbox allow-scripts; script-src 'self' https://apis.google.com https://www.gstatic.com https://www.googleapis.com https://securetoken.googleapis.com; object-src 'self'",
"web_accessible_resources": [ "imgs/*.png", "overlay.html"],
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": [
"/js/content.js"
],
"run_at": "document_end",
"all_frames": false
}
]
}
I'm testing the Firefox extension with web-ext run to test the extension locally.

The correct API for this in Manifest v2 is browserAction instead of action that is only available in MV3.
So to fix it, in your background.js, switch to
browser.browserAction.onClicked.addListener

browser.action in Firefox is available in MV3. Your extension uses MV2 i.e. "manifest_version": 2,
Note: This API is available in Manifest V3 or higher.
Note: MV3 support is very limited in Firefox at the moment.

Chrome webstore asking for Host permission justification despite not having it

After realizing about the delay that comes with having a hosting permission verified, I decided to it take out. My new manifest.json is:
{
"manifest_version": 2,
"name": "Daily",
"description": "Manage your calendars smarter!",
"content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'",
"version": "0.1.0",
"icons":{
"16": "logo-16.png",
"48": "logo-48.png",
"128": "logo-128.png"
},
"browser_action": {
"default_popup": "popup.html"
},
"web_accessible_resources": [
"scripts/audio_file.wav", "reminder.html"
],
"permissions": [
"storage",
"identity.email",
"tabs",
"https://www.example.com/yzs",
"https://www.example.com/xyz"
],
"background": {
"scripts": ["jquery-3.5.1.min.js", "background.js", "flipclock-min.js", "script.js"],
"persistent": false
}
}
Yet in the developer console I am required to justify why I am using hosting permission. I tried even starting a new process hoping it wouldn't ask anymore but nothing changed. Why is this?

Refused to load the script: https://apis.google.com/js/api.js

I'm trying to implement firebase authentication for a chrome extension. I can sign in using email and password, but I can't get the social logins to work (google and facebook)
here is the error message:
Refused to load the script 'https://apis.google.com/js/api.js?onload=__iframefcb541553' because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
manifest.json
{
"manifest_version": 2,
"name": "...",
"description": "...",
"version": "0.0.0.1",
"icons": {},
"background": {
"scripts": [
"event.js"
],
"persistent": true
},
"permissions": ["tabs", "https://*/*","activeTab"],
"browser_action": {
"default_title": "...",
"default_popup": "popup.html"
},
"content_scripts": [
{
"matches": ["*://*/*"],
"css": [],
"js": ["content.js"]
}
],
"content_security_policy": "script-src 'self' https://apis.google.com; object-src 'self';"
}
signin
handleSocialLogin(provider) {
return () => {
auth
.signInWithPopup(provider)
.then(user => {
this.props.onUserChange(user)
localStorage.setItem('user', JSON.stringify(user))
})
.catch(error => this.setState({ error }))
}
}

Chrome Extension blocks programmatic request to popup.html

After the release of Chrome 66, our specs for testing a Chrome Extension fail because we are unable to access the popup.html programmatically because the request to chrome-extension://<extension-id>/src/popup.html is blocked.
We've tried getting the extension ID programmatically using chrome.runtime.id and chrome.runtime.getURL().
We've also tried generating our own PEM to sign the extension and using the generated ID in the manifest as the extension key. Both of these attempts have proved fruitless.
Is there still a way to access Chrome Extension programmatically for testing?
Update: Here is my manifest.json:
{
"manifest_version": 2,
"name": "Paparazzi",
"version": "1.0.9",
"background": {
"matches": ["<all_urls>"],
"scripts": [
"src/background.js",
"vendor/jszip.js",
"vendor/FileSaver.js",
"vendor/mixpanel.js"
]
},
"browser_action": {
"default_icon": {
"16": "ic-paparazzi-16.png",
"48": "ic-paparazzi-48.png",
"96": "ic-paparazzi-96.png",
"128": "ic-paparazzi-128.png",
"256": "ic-paparazzi-256.png"
},
"default_popup": "src/popup.html"
},
"commands": {
"capture_screen": {
"suggested_key": {
"default": "Ctrl+Shift+E",
"mac": "Command+Shift+E"
},
"description": "Capture screenshot of current tab"
}
},
"content_security_policy":
"script-src 'self' https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js; object-src 'self'",
"icons": {
"16": "ic-paparazzi-16.png",
"48": "ic-paparazzi-48.png",
"96": "ic-paparazzi-96.png",
"128": "ic-paparazzi-128.png",
"256": "ic-paparazzi-256.png"
},
"permissions": [
"activeTab",
"cookies",
"identity",
"identity.email",
"notifications",
"tabCapture",
"tabs",
"webRequest",
"webRequestBlocking",
"http://*/",
"*://*.sharethrough.com/*",
"*://localhost/*",
"<all_urls>"
],
"web_accessible_resources": [
"src/*",
"vendor/fonts/MetricWeb-Regular.woff",
"vendor/bootstrap.min.css"
],
"key": "bgcanlbkmndllogdnbohopfomoknmjmf"
}

I'm on Chrome 66.0.3359.117 and I was able to get files like this;
chrome.runtime.getURL("popups/popup.html");
window.open() succeed for getting it to open the page. It does not work when the folder or file is not specified under "web_accessible_resources".
"web_accessible_resources": [
"popups/*"
]
If the problem isn't with the manifest, then it's likely related to the testing software and not Chrome.

How do I change my "legacy packaged app" into an "extension"?

I have looked at the Google documentation but I can't see how to change its type.
This is the error I get on loading.
There were warnings when trying to install this extension:
'browser_action' is only allowed for extensions, and this is a legacy packaged app.
This is my manifest.json.
{
"name": "first app",
"description": "this is my first app",
"version": "1.4",
"manifest_version": 2,
"content_security_policy": "script-src 'self' https://en.wiktionary.org/; object-src 'self'",
"background": {
"page": "background.html"
},
"app": {
"launch": {
"local_path": "index.html"
}
},
"browser_action": {
"default_icon": "icon.png"
},
"icons": {
"128": "icon.png",
"16": "icon.png"
},
"permissions": [
"http://*/*",
"https://*/*",
"https://en.wiktionary.org/",
"http://en.wiktionary.org/",
"tabs",
"contextMenus",
"storage",
"unlimitedStorage",
"notifications"]
}
All I have is a right-click event at any-time while browsing and store that text for viewing on a main page. I added in the "browser_action" as the chrome store isn't alowing me to upload my extension as a "legacy packaged app", but I don't really understand what that is even after reading the documentation.

For an app use a manifest that looks like:
{
// Required
"app": {
"background": {
// Optional
"scripts": ["background.js"]
}
},
"manifest_version": 2,
"name": "My App",
"version": "versionString",
...
For an extension use
{
// Required
"manifest_version": 2,
"name": "My Extension",
"version": "versionString",
// Recommended
"default_locale": "en",
"description": "A plain text description",
"icons": {...},
// Pick one (or none)
"browser_action": {...},
"page_action": {...},
...

Resources