Refused to execute inline script because it violates the following Content Security Policy directive without external scripts

Question

I'm making a chrome extension and keep getting this error: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash I've already tried using <meta> and other methods. (I'm not using any external scripts, so other posts are unusable) manifest.json:

{
  "name": "Mini Embed",
  "description": "Opens a small version of a webpage",
  "version": "1.0",
  "manifest_version": 3,
  "action": {
    "default_popup": "index.html"
  }
}

index.html:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
  <style>
    body {
      width: 320px;
      height: 169px;
    }

    #btn {
      background-color: #0bde19;
    }

    iframe {
      width: 300;
      height: 169;
    }
  </style>
</head>

<body>
  <script>
  var url;
  function run(){
  url = document.getElementById("text").value;
    document.getElementById("iframe").src = "url";
  }
  </script>
  <span>
  <button onclick="run" id="btn">Embed</button>
  <input id="text" placeholder="enter URL">
  </span>
</body>

</html>

Don't use inline script. Use a separate js file. – wOxxOm Sep 24 '21 at 12:18 — wOxxOm, Sep 24 '21 at 12:18

Refused to execute inline script because it violates the following Content Security Policy directive without external scripts

0 Answers0