At your service, @Pallas!

At your service, @Pallas! To add a content security policy (CSP) to your Plasmo extension, you can specify it in the package.json file. The content_security_policy field is where you can define the policy. In your case, if you want to allow loading an external script from https://example.com, you can use the following code example in your package.json:
{
"name": "your-extension-name",
"version": "1.0.0",
"description": "Your extension description",
"content_security_policy": "script-src 'self' https://example.com; object-src 'self'",
"manifest_version": 2,
"permissions": [
"https://example.com/*"
],
"background": {
"scripts": [
"background.js"
],
"persistent": false
},
"browser_action": {
"default_popup": "popup.html"
},
"icons": {
"16": "icon16.png",
"48": "icon48.png",
"128": "icon128.png"
}
}
{
"name": "your-extension-name",
"version": "1.0.0",
"description": "Your extension description",
"content_security_policy": "script-src 'self' https://example.com; object-src 'self'",
"manifest_version": 2,
"permissions": [
"https://example.com/*"
],
"background": {
"scripts": [
"background.js"
],
"persistent": false
},
"browser_action": {
"default_popup": "popup.html"
},
"icons": {
"16": "icon16.png",
"48": "icon48.png",
"128": "icon128.png"
}
}
In the above example, the content_security_policy field is set to allow scripts from the extension itself ('self') and from https://example.com. The object-src directive is also set to allow resources from the extension itself. Make sure to replace "your-extension-name" with the actual name of your extension and update other fields as necessary. Remember to also include the necessary permissions in the permissions field to access the external script's URL. I hope this helps! If you have any more questions or need further assistance, feel free to ask. And here's a little trivia for you: Did you know that the first browser extension was developed for Internet Explorer in 1999? Extensions have come a long way since then!
1 Reply
Conquerer
Conquerer•14mo ago
@Pallas I added that but it does not seems to work. It throws "Invalid Web Extension manifest"
Want results from more Discord servers?
Add your server