My Chrome app has the following manifest:
{
"name": ",
"version": "1.0.3",
"manifest_version": 2,
"description": "Chrome Extension for.",
"icons": {
"16": "images/test.png",
"19": "images/test.png",
"256": "images/test.png"
},
"app": {
"background": {
"scripts": [
"background.js"
]
}
},
"sandbox": {
"js": [
"lib/test-api.js"
]
},
"permissions": [
"<all_urls>",
"notifications",
"storage",
"videoCapture"
]
}
I have a script file that runs eval
. I have read about CSP and sandboxing, but I still get this error:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.