
I'm creating a web extension and I need to use Google reCAPTCHA in it. But when I try to import the library I get an error:

Refused to load the script 'https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I tried to set my script-src to authorize requests to https://www.google.com:

"content_security_policy": {
    "extension_pages": "script-src 'self' 'https://www.google.com'; object-src 'self'"
},

but I got an error:

'content_security_policy.extension_pages': Insecure CSP value "'https://www.google.com'" in directive 'script-src'.

Is it still possible to use an external script with Manifest V3, and if yes, what should I do?

Maxou
  • ManifestV3 doesn't allow importing remote scripts. You can download the script and use it just like any other script in your extension. You can make a network request to the remote API manually/explicitly via `fetch`. You can keep using MV2 because MV3 is bugged all over. In the future, when https://crbug.com/1220994 is fixed, sandboxed pages will be able to run remote scripts. – wOxxOm Nov 15 '21 at 16:31
  • Ok thanks, I will downgrade to MV2. – Maxou Nov 15 '21 at 17:23
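
The following is an added example, not part of the original question or comments: a small Node.js lint that reproduces why the `extension_pages` value in the question is rejected, and confirms that a manifest which bundles the script locally passes. The function names are hypothetical, `manifest_version` is added to the constructed samples, and the allow-list is an assumption based on Chrome's documented minimum policy for MV3 extension pages.

```javascript
// Assumption: sources Chrome accepts in these directives for MV3 extension pages.
const MV3_ALLOWED = new Set(["'self'", "'none'", "'wasm-unsafe-eval'"]);
const CHECKED = new Set(["script-src", "object-src", "worker-src"]);
const LOCALHOST = /^https?:\/\/(localhost|127\.0\.0\.1)(:(\d+|\*))?$/i; // unpacked extensions only

// Split a CSP string into Map(directive name -> list of source expressions).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first occurrence wins
  }
  return directives;
}

// Return one finding per source that an MV3 extension_pages policy may not contain.
function lintExtensionPagesCsp(manifest) {
  const findings = [];
  const csp = manifest.content_security_policy;
  const policy = csp && csp.extension_pages;
  if (manifest.manifest_version !== 3 || typeof policy !== "string") return findings;
  for (const [directive, sources] of parseCsp(policy)) {
    if (!CHECKED.has(directive)) continue;
    for (const source of sources) {
      if (MV3_ALLOWED.has(source.toLowerCase()) || LOCALHOST.test(source)) continue;
      // In CSP, single quotes mark keywords, nonces and hashes; a host source is never quoted.
      const quotedHost = /^'[a-z][a-z0-9+.-]*:\/\/.*'$/i.test(source);
      findings.push({ directive, source, quotedHost });
    }
  }
  return findings;
}

// Constructed samples: the policy from the question, and one for a locally bundled script.
const fromQuestion = {
  manifest_version: 3,
  content_security_policy: {
    extension_pages: "script-src 'self' 'https://www.google.com'; object-src 'self'" },
};
const bundled = {
  manifest_version: 3,
  content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
};

console.log(lintExtensionPagesCsp(fromQuestion));
console.log(lintExtensionPagesCsp(bundled));
```

Removing the quotes around the URL does not make the policy acceptable: the lint still reports the remote origin, which matches the comment that MV3 does not allow importing remote scripts.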
