I am building a chrome extension
And I add the following code to a page within its files
window.fbAsyncInit = function () {
FB.init({
appId: "761023588971600",
autoLogAppEvents: true,
xfbml: true,
version: "v16.0",
});
};
var script = document.createElement("script");
script.async = true;
script.defer = true;
script.crossOrigin = "anonymous";
script.src = "https://connect.facebook.net/en_US/sdk.js";
document.head.appendChild(script);
my manifest.json
{
"manifest_version": 3,
"name": "Ultra Share Bot",
"description": "Share with ease",
"version": "1.0",
"icons": {
"16": "img/share_icon.png",
"32": "img/share_icon.png",
"48": "img/share_icon.png",
"128": "img/share_icon.png"
},
"action": {
"default_popup": "popup.html",
"default_icon": "img/share_icon.png",
"default_title": "Share with ease now"
},
"background": {
"service_worker": "background.js"
},
"permissions": [
"tabs"
]
}
These two errors show me how to solve it
Refused to load the script 'https://connect.facebook.net/en_US/sdk.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Refused to load the script 'https://connect.facebook.net/en_US/sdk.js' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
I tried adding this code to a file manifest.json
"content_security_policy": {
"extension_pages": "script-src 'self' https://connect.facebook.net; object-src 'self';"
}
But it didn’t work out
Once the hosting was updated, Chrome blocked it and showed the following error
Error
'content_security_policy.extension_pages': Insecure CSP value "https://connect.facebook.net" in directive 'script-src'.
Could not load manifest.