[好讀版]

如果要在 Extension 的頁面(如：彈出頁面、選項頁面)載入 jQuery，會發現載入失敗，錯誤如下所示。

Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

跨域資源共享的方法

在 manifest.json 設定檔中定義 content_security_policy。如下所示。

manifest.json

{
...
"content_security_policy" : "default-src 'self'; script-src 'self' https://ajax.googleapis.com;",
...
}

**說明：**如果沒有定義 content_security_policy 的話，會有預設值，如下所示。

script-src 'self'; object-src 'self'

另外，如果設定錯誤的話，在載入 extension 時就會失敗。

Invalid value for 'content_security_policy': Both 'script-src' and 'object-src' directives must be specified (either explicitly, or implicitly via 'default-src'), and both must whitelist only secure resources. You may include any of the following sources: "'self'", "'unsafe-eval'", "http://127.0.0.1", "http://localhost", or any "https://" or "chrome-extension://" origin. For more information, see http://developer.chrome.com/extensions/contentSecurityPolicy.html