vite-plugin-web-extension icon indicating copy to clipboard operation
vite-plugin-web-extension copied to clipboard
verified publisher icon samrum

Content Security Policy error for bundle js files

Open AnweshGangula opened this issue 1 year ago • 5 comments

Since a week, I have been receiving below error when I'm trying to use my extension which was working fine. I did not make any change in the code.

Refused to load the script 'chrome-extension://2a0537bb-6706-4dfa-b5f7-c1675289a43c/assets/src/entries/contentScript/primary/main.d2e7ec72.js' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

The script mentioned above is the bundled script file generated by running vite build

A question has been posted regarding this in stack-overflow.

AnweshGangula avatar Oct 24 '24 13:10 AnweshGangula

@AnweshGangula

Hey! I posted a solution in #146

SleepyStew avatar Oct 24 '24 21:10 SleepyStew

I tried this out, it doesn't seem to solve the issue.

Looks like a similar issue was posted in crxjs: https://github.com/crxjs/chrome-extension-tools/issues/927

AnweshGangula avatar Oct 25 '24 08:10 AnweshGangula

Hey. I don't know if you're still having issues, but I fixed it by adding this to my vite config:

// ...
server: { cors: { methods: "GET", origin: "*" } },
// ...

viniciussalvati avatar Jan 22 '25 12:01 viniciussalvati

I tried this but now I'm getting below error:

Uncaught (in promise) TypeError: Failed to fetch dynamically imported module: chrome-extension://8b3d4793-99f5-44f3-bf84-004cdf5d9e84/assets/src/entries/contentScript/primary/main.614686f0.js

AnweshGangula avatar Jan 23 '25 15:01 AnweshGangula

server: { cors: { methods: "GET", origin: "*" } },

that fixed for me

ugurkellecioglu avatar Sep 13 '25 06:09 ugurkellecioglu