addRemoteJS api not working in crossrider extension in firefox due to content security policy

Question

In my crossrider extension I am adding remote JS on gmail page using following api.

appAPI.dom.addRemoteJS({
    url: "https://myserver.com/JS/myJs.min.js",
    additionalAttributes: {charset: "UTF-8"},
    callback: function(ref) {

}

This was a working extension code. Due to gmail's content security policy , code has stopped working and giving following message in firefox: Content Security Policy: The page's settings blocked the loading of a resource at https://myserver.com/JS/myJs.min.js (script-src )

Is there any workaround to load js from remote url.

Usually, [appAPI.dom.addRemoteJS](http://docs.crossrider.com/#!/api/appAPI.dom-method-addRemoteJS) works fine. Additionally, I created an extension based on your example and there was no problem running on Firefix. In order to assist you, I need to know the exact steps for reproducing the issue including any relevant screenshots or URLs of pages this is occurring on. If possible the extension id and where the code snippet can be found would really help. [**Disclosure**: I am a Crossrider employee] — Shlomo, Dec 30 '14 at 13:49

score 1 · Accepted Answer · answered Dec 31 '14 at 10:14

Looks like a CSP protection issue. You can try working around the issue by injecting the script instead, e.g.

appAPI.request.get({
  url: 'https://myserver.com/JS/myJs.min.js';,
  onSuccess: function(result) {
    var s = document.createElement('SCRIPT');
    s.type = 'text/javascript';
    s.charset = 'UTF-8';
    s.text = result;
    document.head.appendChild(s);
  }
});

[Disclosure: I am a Crossrider employee]

addRemoteJS api not working in crossrider extension in firefox due to content security policy

1 Answers1