Firestore + Chrome extension content policy rule

0
votes

i try to use this : "content_security_policy": "script-src 'self' 'sha256-GgRxr...' https://cdn.firebase.com https://www.gstatic.com/ https://*firebaseio.com https://www.googleapis.com; object-src 'self'; connect-src 'self' wss://*firebaseio.com;",

but it does not work, i have read bunch of tutorials but all of them are about connecting Chrome Extension with Firebase only. I don't see any that are about connecting Chrome Extension with Firestore.

currently, this is a ReactJS web project, so if i load the normal website with 'yarn start' everything run perfectly. But when i use it with my extension the data document does not update to Firestore.

Sorry for my English.

1
google-chrome-extensiongoogle-cloud-firestorecontent-security-policy
The question is not very clear. First of you shouldnt start with the words "my solution" because it looks like an answer. Please explain your problem better. - Logemann
my English is not good. So here i updated it, thanks for the tip. - Duy Vu Nguyen

1 Answers

0
votes

You can get rid of the content_security_policy error by using the "externally_connectable" property on your manifest.json and match it against the googleapis.com domain that Firestore uses: 

  "externally_connectable": {
    "matches": ["*://*.googleapis.com/*"]
  },

This will only work as long as your request to Firestore is happening from the extension itself and not from the content.js script, unfortunately, if you try to trigger a request from a content script you'll get a CORB's error - you can find more info on this link: https://www.chromium.org/Home/chromium-security/extension-content-script-fetches