
Chrome Extension: yql API ERROR: Content Security


I am trying to make a call to the YQL API, but I get an error. I have the following:

Manifest.json:
"content_security_policy": "script-src 'self'; object-src 'self'", 

Error:
Refused to load the script 'http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20html%20where…withkeys&callback=jQuery20208888747137971222_1400373036635&_=1400373036638' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".'

I tried doing it w/o having the "content_security_policy", but I would still get an error.

The code to do the call:

yqlAPI = 'http://query.yahooapis.com/v1/public/yql?q=' + encodeURIComponent(query) + '&format=json&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys&callback=?';

// "callback=?" makes jQuery send a JSONP request, i.e. it injects a <script> tag for this URL
$.getJSON(yqlAPI, function (r) {
  $.each(r.query.results.li, function () {
    // keep only the list items that carry a <font> element
    if (typeof this.font !== 'undefined') {
      gogoAnime1.push([this.a.href, this.font.content]);
    }
  });
  gotFollowersOfA(gogoAnime1);
});

I have been looking in the CSP (https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing-remote-script), but I don't understand what I have to add to my manifest.json to make it work. All help would be appreciated!


Solution

  • I wonder if that's because of requesting an external object.

    Content Security Policy (CSP) - Google Chrome

    If you have a need for some external JavaScript or object resources, you can relax the policy to a limited extent by whitelisting secure origins from which scripts should be accepted.

    So adjust it accordingly, manifest.json:

    "content_security_policy": 
           "script-src 'self' https://query.yahooapis.com/; object-src 'self'"
    

    And you'll need to use an HTTPS origin:

    As man-in-the-middle attacks are both trivial and undetectable over HTTP, those origins will not be accepted. Currently, we allow whitelisting origins with the following schemes: HTTPS, chrome-extension, and chrome-extension-resource.
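
The matching rule behind the error above, as an added example that is not part of the original question or answer. It is a simplified model (only 'self' and scheme://host sources, no wildcards, paths, nonces or hashes), not Chrome's implementation; `parsePolicy`, `scriptAllowed` and the extension id are names made up for the illustration.

```javascript
// Simplified model of how a script URL is checked against "script-src".
// Added illustration only; not Chrome's CSP implementation.

// Schemes the quoted Chrome documentation accepts for whitelisted origins.
const ALLOWED_SCHEMES = ['https:', 'chrome-extension:', 'chrome-extension-resource:'];

// "script-src 'self'; object-src 'self'" -> { 'script-src': ["'self'"], ... }
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

// scheme://host[:port] of a parsed URL (works for chrome-extension: too).
function originOf(u) {
  return u.protocol + '//' + u.host;
}

// Would a <script src=url> (what a JSONP "callback=?" request creates) be
// allowed for an extension whose own origin is selfOrigin?
function scriptAllowed(policy, url, selfOrigin) {
  const sources = parsePolicy(policy)['script-src'] || [];
  const target = originOf(new URL(url));
  return sources.some((src) => {
    if (src === "'self'") return target === selfOrigin;
    let allowed;
    try { allowed = new URL(src); } catch (e) { return false; }
    // Plain-HTTP origins are not accepted in the whitelist at all.
    if (!ALLOWED_SCHEMES.includes(allowed.protocol)) return false;
    return originOf(allowed) === target;
  });
}
```

Only sources listed under `script-src` count for a JSONP request: an origin listed only under `object-src` does not allow the script, and an `http://` source is ignored even when it is listed.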