-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chrome Packaged App: Refused to evaluate a string as JavaScript because 'unsafe-eval' #612
Comments
Hi @himulawang, I fixed this already in googlearchive/observe-js@fc8d439 The Dart web_component package is updated in https://codereview.chromium.org/355133002/ Also, a few general notes:
|
Thank you for your notes & fixing this problem so fast @jmesserly |
No problem! I wanted to point you at one additional problem we found today: https://github.com/Polymer/polymer-dev/issues/42 ... it only happens if you are using "noscript" elements. |
As i understand this fix does not availiable on https://pub.dartlang.org/packages/web_components now. Could you tell please, how to use the lastest dev version of web_components? I rebuild platform.js from github (via https://github.com/polymer/tools). Then override platform* files in dart source tree dart/pkg/web_components/lib with newly builded files. But I see the same errors in console "Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback." I try to use paper-button polymer elements in chrome packaged app. |
I found solution. After dart2js run vulcanize index.html --csp. |
Have you tried what I suggested on your SO question http://stackoverflow.com/questions/24620604 |
Yes, I use
but it is not enough, in practice. I suppose because dart paper_elements import a html files with polymerJS based paper_elements |
How do we fix this in a Chrome packaged app without using Dart ? |
Running the app through vulcanize with the --csp flag should fix it. Give this a shot: github.com/polymerlabs/polymerchromeapp On Tue, Jul 29, 2014 at 2:30 AM, Prateek Jassal [email protected]
|
Seems this problem come back again. #252
Chromium 36.0.1985.67 (Developer Build 277752)
OS Linux
Blink 537.36 (@173750)
JavaScript V8 3.26.31
Dart 1.5.2
Flash (Disabled)
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 (Dart) Safari/537.36
Command Line ./chrome --flag-switches-begin --enable-experimental-web-platform-features --flag-switches-end
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
observe.js:988
(anonymous function) observe.js:988
(anonymous function) observe.js:992
(anonymous function) wrappers.js:37
Anybody has the same problem?
The text was updated successfully, but these errors were encountered: