I'm trying to get my Chrome extension approved and want to understand how I should properly fill in the "permissions" and "csp" sections of the manifest.json. Those parts looks as follows:
...
"permissions": [
"storage",
"http://api.openweathermap.org/data/2.5/weather*"
],
"content_security_policy": "default-src 'self' http://api.openweathermap.org/data/2.5/weather*; script-src 'self'"
...
And that got rejected.
I'm using only:
- localStorage to store info about weather;
- Openweathermap API to get weather info (JSON).
I don't use any remote scripts.
So, my questions are:
- Do I really need a "storage" string if I use localStorage (not a chrome.storage)?
- What is a proper way to set a CSP in my case?
