1

I'm trying to create a chrome app which requests access to firebase. I have set my CSP in manifest.json and I'm still getting CSP errors:

  "Content_security_policy": "script-src 'self' https://www.gstatic.com/ https://*.firebaseio.com https://www.*.googleapis.com; style-src 'self' https://www.googleapis.com/ https://fonts.googleapis.com/; default-src 'self' https://*.firebaseio.com",

This is the error I keep getting:

firebase.js:375 Refused to load the script 'https://myapp.firebaseio.com/.lp?start=t&ser=30696138&cb=1&v=5' because it violates the following Content Security Policy directive: "default-src 'self' blob: filesystem: chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

Anand Bhat
  • 5,591
  • 26
  • 30
beef
  • 79
  • 7
  • Possible duplicate of [Content-Security-Policy error https://ssl.gstatic.com](http://stackoverflow.com/questions/31149395/content-security-policy-error-https-ssl-gstatic-com) – Xan Sep 27 '16 at 09:36
  • 2
    Short version: `content_security_policy` mainfest key is ignored for Chrome Apps. – Xan Sep 27 '16 at 12:10
  • Well that sucks. :/ – beef Sep 27 '16 at 16:39
  • Chrome Apps are being deprecated anyway. You should consider another platform such as NW.js or Electron – Xan Sep 27 '16 at 16:41

0 Answers0