Flutter chrome extension error when uploading

by

I am releasing my flutter app to make a chrome extension.

I have followed several tutirals. I have changed my manifest.json like this

{
    "name": "Health Reports",
    "description": "Health Reports",
    "version": "1.0.0",
    "content_security_policy": {
        "extension_pages": "script-src 'self' ; object-src 'self'"
    },
    "action": {
        "default_popup": "index.html",
        "default_icon": "icons/Icon-192.png"
    },
    "manifest_version": 3
}

And the index.html to this:

<!DOCTYPE html>
<html><html style="height: 600px; width: 350px">
<head>
   <base href="$FLUTTER_BASE_HREF">

  <meta charset="UTF-8">
  <meta content="IE=Edge" http-equiv="X-UA-Compatible">
  <meta name="description" content="A new Flutter project.">

  <!-- iOS meta tags & icons -->
  <meta name="apple-mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black">
  <meta name="apple-mobile-web-app-title" content="health_reports">
  <link rel="apple-touch-icon" href="icons/Icon-192.png">

  <!-- Favicon -->
  <link rel="icon" type="image/png" href="favicon.png"/>

  <title>health_reports</title>
  <link rel="manifest" href="manifest.json">


</head>
<body>
<script src="main.dart.js" type="application/javascript"></script>
</body>
</html>

I build the app like this:

flutter build web --web-renderer html --csp

I go to the chrome extensions and unpack from the build.web folder.

The extension gets added, but it doesn’t run. It shows an error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-rWbYnyDPanXfQcWaXnJE1X+pksn8vPbxt/BM6O/6aak='), or a nonce ('nonce-...') is required to enable inline execution.
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-rWbYnyDPanXfQcWaXnJE1X+pksn8vPbxt/BM6O/6aak='), or a nonce ('nonce-...') is required to enable inline execution.
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-i17MY4iR12/Ns8ZBrk/vnReTv049h6kbWIQLnNt9VVI='), or a nonce ('nonce-...') is required to enable inline execution.
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-i17MY4iR12/Ns8ZBrk/vnReTv049h6kbWIQLnNt9VVI='), or a nonce ('nonce-...') is required to enable inline execution.
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-2Jz4sphv3i8FDZ3R4exqHvzmiaNcPmXdhYR783nUjaA='), or a nonce ('nonce-...') is required to enable inline execution.
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-2Jz4sphv3i8FDZ3R4exqHvzmiaNcPmXdhYR783nUjaA='), or a nonce ('nonce-...') is required to enable inline execution.

  • Inline scripts can’t be used in ManifestV3, so you need to configure flutter accordingly. I don’t know how though.

    – 




Leave a Comment