Thursday, 23 January 2020

Chrome Extension and gmail.js blocking access to google api

I'm just playing around with a chrome extension based on this tutorial https://cloud.google.com/blog/products/gcp/deepbreath-preventing-angry-emails-with-machine-learning .

When i use the extension for some reason the application does not work. It appears the API from google is blocked?

This is my manifest for those interested,

{
  "name": "Rhea",
  "version": "0.1",
  "description": "Rhea ADHD Extension",
  "content_scripts": [
    {
      "matches": [
      "https://mail.google.com/*"],
      "js": ["content.js"]
    }
  ],
  "permissions": [
  "<all_urls>",
  "history", 
    "https://language.googleapis.com/*"
  ],
  "web_accessible_resources": [
    "third_party/jquery-1.10.2.min.js",
    "third_party/gmail.js",
    "main.js"
  ],
  "manifest_version": 2
}

and content.js

// this is getting the scripts to be able to read the data.

// This gets the extension of Jquery
var j = document.createElement('script');
// creates element in html Script https://www.w3schools.com/jsref/dom_obj_script.asp

j.src = chrome.extension.getURL('third_party/jquery-1.10.2.min.js');

//script element is used to call jquery and could be used to call a javascript scraping library

//this is appending the script into the documents head
(document.head || document.documentElement).appendChild(j);
// This creates another script
var g = document.createElement('script');
//the new script uses the gmail library to parse gmail informaiton.
g.src = chrome.extension.getURL('third_party/gmail.js');

//this is appending the script into the documents head
(document.head || document.documentElement).appendChild(g);

var s = document.createElement('script');
s.src = chrome.extension.getURL('main.js');
//this is appending the script into the documents head
(document.head || document.documentElement).appendChild(s);

Here is the error code

Refused to load the script 'https://apis.google.com/js/rpc:shindig_random.js?onload=init' because it violates the following Content Security Policy directive: "script-src 'report-sample' 'nonce-pdiEXaPpq1kdYvcP3O8iAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Thanks in advance :)



from Chrome Extension and gmail.js blocking access to google api
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)