I'm building a Chrome extension using Manifest V3, and I'm trying to execute an inline script using chrome.scripting.executeScript(). However, I keep getting the error message "Refused to execute inline script because it violates the following Content Security Policy directive".
I understand that Manifest V3 has stricter security requirements than previous versions, and I've tried modifying my content_security_policy_extension_pages and web_accessible_resources directives to allow for inline scripts and other potentially unsafe functions, but I'm still getting the same error message.
Here's my current manifest file:
    {
      "manifest_version": 3,
      "name": "***",
      "description": "**",
      "version": "1.0",
      "icons": {
        "123": "icon.png"
      },
      "action": {
        "default_popup": "popup.html"
      },
      "permissions": [
        "scripting",
        "tabs",
        "cookies",
        "webNavigation"
      ],
      "host_permissions": [
        "*://*.test.com/*",
        "*://.test.com/*"
      ],
      "content_scripts": [{
        "matches": ["*://*.test.com/*"],
        "js": ["popup.js"],
        "run_at": "document_end"
      }],
      "background": {
        "service_worker": "background.js"
      },
      "web_accessible_resources": [
        {
          "resources": ["*"],
          "matches": ["<all_urls>"],
          "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
        }
      ]
    }
And here's the code I'm trying to execute in the background:
    chrome.tabs.onUpdated.addListener(function (tabId, changeInfo, tab) {
      if (changeInfo.status === 'complete') {
        setInterval(async function () {
          var response = await fetch('https://test.com/test.php');
          const data = await response.text();
          console.log(data);
          chrome.scripting.executeScript({
            target: { tabId: tabId },
            func: (data) => {
              // Use the downloaded script code here
              const scriptElement = document.createElement('script');
              scriptElement.textContent = data;
              document.head.appendChild(scriptElement);
            },
            args: [data]
          });
        }, 5000);
      }
    });
Is there anything else I can try to allow the execution of inline scripts in my extension? Any help would be greatly appreciated. Thanks!
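
The manifest above nests a `content_security_policy` key inside `web_accessible_resources`, which is not where Manifest V3 defines an extension's policy: it is a top-level object, and its `extension_pages` value accepts only `'self'`, `'none'` and `'wasm-unsafe-eval'` for `script-src`, `object-src` and `worker-src`. The lint below is an added example, not part of the original post; the function names and finding labels are this example's own.

```javascript
// Added example: lint a Manifest V3 object for the CSP problems visible in the question.
// Localhost sources (accepted only for unpacked extensions) are flagged as well.
const ALLOWED_SOURCES = new Set(["'self'", "'none'", "'wasm-unsafe-eval'"]);
const RESTRICTED_DIRECTIVES = ['script-src', 'object-src', 'worker-src'];

// "script-src 'self'; object-src 'self'" -> { 'script-src': ["'self'"], ... }
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

function lintManifest(manifest) {
  const findings = [];
  const csp = manifest.content_security_policy;
  if (typeof csp === 'string') {
    findings.push('csp-must-be-object'); // Manifest V2 string form
  } else if (csp && typeof csp.extension_pages === 'string') {
    const directives = parseCsp(csp.extension_pages);
    for (const name of RESTRICTED_DIRECTIVES) {
      for (const source of directives[name] || []) {
        if (!ALLOWED_SOURCES.has(source)) findings.push(`disallowed-source:${name}:${source}`);
      }
    }
  }
  for (const entry of manifest.web_accessible_resources || []) {
    // A policy nested here is not the extension's CSP.
    if ('content_security_policy' in entry) findings.push('csp-misplaced-in-web-accessible-resources');
    // Every packaged file becomes loadable by every site.
    if ((entry.resources || []).includes('*') && (entry.matches || []).includes('<all_urls>')) {
      findings.push('all-resources-exposed-to-all-urls');
    }
  }
  return findings;
}

// Constructed sample mirroring the relevant part of the manifest in the question.
const questionManifest = {
  manifest_version: 3,
  web_accessible_resources: [{
    resources: ['*'],
    matches: ['<all_urls>'],
    content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'"
  }]
};
console.log(lintManifest(questionManifest));
```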