3

I am trying to make a chrome application and want to use the livereload so as to automatically update my when I make changes. But I am getting the following message —

Error Message:

Refused to load the script 'http://localhost:35729/livereload.js' because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

I added the following section in my manifest.json file but then chrome started giving a warning.

"content_security_policy": "script-src 'self' 'http://127.0.0.1:1337/livereload.js'; object-src 'self'"

Warning -

here were warnings when trying to install this extension: 'content_security_policy' is only allowed for extensions and legacy packaged apps, and this is a packaged app.

UPDATE:

The issue arises when I use a background script to create the window. ie when I have this in my manifest file 

"background": {
    "scripts": ["backgound.js"]
},

"content_security_policy": "script-src 'self' http://localhost:1337/livereload.js 'unsafe-eval'; object-src 'self'"

In case I don't use a background script, instead use this - 

"app": {
    "launch": {
        "local_path": "window.html"
    }

Then everything works just fine. Can someone please explain why is this happening?

tusharmath
  • 10,622
  • 12
  • 56
  • 83

1 Answers1

-7

What is your question? The error messages are pretty self-explanatory.

Your code can't violate the default CSP applicable to Chrome Apps. Have you looked into Content Security Policy and made your app compliant? Have you taken a look at any code samples for examples of what you're trying to do?

The first problem is that you're trying to load and execute external content. CSP prohibits that, and even if it didn't, your app wouldn't work offline if you did that. Try including the script as part of your app, rather than on an external (localhost) server. Then again, read up on CSP and fix any remaining issues so the error messages go away.

sowbug
  • 4,644
  • 22
  • 29