I am trying to make a chrome extension, and I would have to update a JS file very often, so I put a external link for it. I want to acess the variable promocodes (which is an object) in that carregar() function.
function carregar(){
const promocodesScriptObj = document.createElement("script");
promocodesScriptObj.setAttribute("src", "https://raw.githubusercontent.com/leonardobagi/robloxpromocodemaster/main/promocodesObj.js");
promocodesScriptObj.setAttribute("type", "text/javascript");
document.querySelector("head").appendChild(promocodesScriptObj);
...
}
But then when I try loading the page, it catches the following error:
Refused to load the script ‘https://raw.githubusercontent.com/leonardobagi/robloxpromocodemaster/main/promocodesObj.js’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com ajax.aspnetcdn.com ajax.googleapis.com …
I have no idea of how to fix it. I’ve tried adding the following line to manifest.json, but it stills returning the same error
"content_security_policy": {
"extension_pages": "script-src 'self'; object-src 'self'",
"sandbox": "sandbox allow-scripts; script-src 'self' 'https://apis.google.com/' 'https://www.gstatic.com/' 'https://*.firebaseio.com' 'https://www.googleapis.com' 'https://ajax.googleapis.com' 'https://raw.githubusercontent.com'; object-src 'self'"
},