Secure execution in chrome extensions #8777
Comments
@IgorMinar it sounds like there are still issues with CSP auto-detection in the new beta |
As a comment, relevant Stack Overflow question. |
Anyways, you should be able to force CSP mode (which will not use |
@caitp Using |
It fixes your app, but it doesn't fix the bug in angular, because we are technically supposed to be automatically detecting CSP mode =) |
there is no bug. we tried to autodetect csp by using it, but that threw an exception which we caught and switched into csp-safe mode. however the autodetection caused the warning to be logged in console. this warning should be ignored. |
the ngCsp docs already mention that this warning is expected. I don't think that we can do much better than that since there is no better way to autodetect csp mode. |
The latest AngularJS 1.3 beta 19 uses
eval
. This is prohibited by default and not recommended by security reason in chrome extensions.How to fix the issue without allowing
eval
s? https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing-evalError message:
Stack trace:
The text was updated successfully, but these errors were encountered: