Skip to content

Instantly share code, notes, and snippets.

View eelectronn's full-sized avatar
🏠
Working from home

Harsh Patel eelectronn

🏠
Working from home
  • The University of Winnipeg
  • Winnipeg, MB, CA
View GitHub Profile
@amad-person
amad-person / gist:f0ef85a2123a2e1fcf8052dcf09eef90
Last active August 12, 2023 17:38
Bypass CSP restrictions in create-react-app Chrome extensions

While building a React Chrome extension using the create-react-app utility (v2.x), I came across the following error on loading my unpacked extension:

Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’
blob: filesystem: chrome-extension-resource:”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-
GgRxrVOKNdB4LrRsVPDSbzvfdV4UqglmviH9GoBJ5jk=’), or a nonce (‘nonce-…’) is required to enable inline execution.

Basically, this error arises as Chrome (or almost any modern browser) will not allow inline scripts to get executed. This CSP restriction resulted in the above error as the build script in create-react-app bundles the .js files in <script> tags in the <body> of index.html.