Chrome Extension with React – gotcha

I’m rebuilding my Chrome Extension Tab List to use ReactJS (as part of my learning trip) and encountered following error:

Uncaught EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: “script-src ‘self’ blob: filesystem: chrome-extension-resource:”.

Kind of a showstopper here, but of course, seek and ye shall find, I wasn’t the first with this problem and solution was up there.

Obviously Chrome applies security restrictions which prevents call to eval, fair enough. As per this bug report, you have to add content_security_policy option in the extensions manifest file, that will allow for “evil eval”.

Following is the entry to add into manifest.json file.

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",

Leave a Reply

Your email address will not be published. Required fields are marked *