Chrome扩展程序和Jenkins URL
我目前正在尝试开发一个chrome扩展程序,该扩展程序应该显示来自不同Jenkins服务器的数据.用户正在输入jenkins服务器的网址.
I'm currently trying to develop a chrome extension which is supposed to display data from different Jenkins servers. The url to the jenkins server is being entered by the user.
所以基本上我需要能够访问任何种类的詹金斯网址.
So basically what I need is being able to access any kind of jenkins url.
我的问题是Chrome的内容安全政策 仅允许您访问已在manifest.json中注册的域,如下所示:
My problem is that Chrome's Content Security Policy only allows you to access domains which you've registered in the manifest.json like so:
"content_security_policy": "script-src 'self' http://localhost:8080/; object-src 'self'".
但是由于不同的用户将要输入不同的URL,因此我需要能够动态更改此策略,而且我真的不知道该怎么做.
But since different users are going to enter different urls, I'd need to be able to change this policy dynamically, and I don't really know how to do that.
您似乎对将请求发送到随机域所需的内容有误解.
You seem have a misconception as to what is needed to send a request to a random domain.
CSP指令script-src指示您可以在哪里通过<script src="https://some.domain/script.js">从执行代码.确实,这是您无法将其列入白名单的内容.
CSP directive script-src dictates where you can execute code from specifically by <script src="https://some.domain/script.js">. That, indeed, is something you can't whitelist.
要发送GET/POST跨站点请求,您需要主机权限,而不是CSP修改.
To send GET/POST cross-site requests, you need a host permission, not a CSP modification.
有2种可能的方法:
- 授予自己广泛的权限,例如
"*://*/*"或"<all_urls>".这将使您以安装时警告可以读取和修改所有网站上的数据" 的代价来查询任何内容. -
使用可选权限API .这样,您可以避免在安装扩展名时配置安装时警告并提示提升权限.如果不需要经常进行此配置,这将很有意义.
- Give yourself wide permissions, e.g.
"*://*/*"or"<all_urls>". This will allow you to query anything at the cost of install-time warning "can read and modify data on all websites". Use the optional permissions API. That way, you can avoid the install-time warning and prompt for elevated permissions as the extension is configured. This would make sense if this configuration needs to be done infrequently.
特别注意:自2016年10月4日起,Firefox WebExtensions/Edge Extensions中未实现permissions API,因此,如果考虑到可移植性,则最好暂时避免用于新项目.
Extra note: as of 2016-10-04, permissions API is not implemented in Firefox WebExtensions / Edge Extensions, so if portability is a concern, it's best avoided for new projects for now.