This repository was archived by the owner on Jul 3, 2023. It is now read-only.
Description I am using chrome-sidebar to load a website as an iframe. When I try to run the extension on gmail (https://mail.google.com/mail ) - I get the following error:
mail.google.com/:1 Refused to frame '[my-website]' because it violates the following Content Security Policy directive: "frame-src 'self' https://clients4.google.com/insights/consumersurveys/ https://calendar.google.com/accounts/ https://ogs.google.com https://onegoogle-autopush.sandbox.google.com https://accounts.google.com/ https://apis.google.com/u/ https://apis.google.com/_/streamwidgets/ https://clients6.google.com/static/ https://content.googleapis.com/static/ https://mail-attachment.googleusercontent.com/ https://www.google.com/calendar/ https://calendar.google.com/calendar/ https://docs.google.com/ https://drive.google.com https://*.googleusercontent.com/docs/securesc/ https://feedback.googleusercontent.com/resources/ https://www.google.com/tools/feedback/ https://support.google.com/inapp/ https://*.googleusercontent.com/gadgets/ifr https://hangouts.google.com/ https://talkgadget.google.com/ https://*.talkgadget.google.com/ https://www-gm-opensocial.googleusercontent.com/gadgets/ https://plus.google.com/ https://wallet.google.com/gmail/ https://www.youtube.com/embed/ https://clients5.google.com/pagead/drt/dn/ https://clients5.google.com/ads/measurement/jn/ https://www.gstatic.com/mail/ww/ https://www.gstatic.com/mail/intl/ https://clients5.google.com/webstore/wall/ https://ci3.googleusercontent.com/ https://gsuite.google.com/u/ https://gsuite.google.com/marketplace/appfinder https://www.gstatic.com/mail/promo/ https://notifications.google.com/ https://tracedepot-pa.clients6.google.com/static/ https://mail-payments.google.com/mail/payments/ https://staging-taskassist-pa-googleapis.sandbox.google.com https://taskassist-pa.clients6.google.com https://appsassistant-pa.clients6.google.com https://*.client-channel.google.com/client-channel/client https://clients4.google.com/invalidation/lcs/client https://tasks.google.com/embed/ https://keep.google.com/companion https://contacts.google.com/widget/hovercard/v/2 https://*.googleusercontent.com/confidential-mail/attachments/".
it seems like this is caused by the restrictive Content Security Policy: https://bugs.chromium.org/p/chromium/issues/detail?id=408932
However, looking through the source code, it seems like this code modifies the proper "frame-src" permissions and loads the iframe in the same way specified here:https://stackoverflow.com/questions/24641592/injecting-iframe-into-page-with-restrictive-content-security-policy
any idea why this error is still occurring? it loads perfectly on every other website aside from https://mail.google.com/mail
Reactions are currently unavailable
I am using chrome-sidebar to load a website as an iframe. When I try to run the extension on gmail (https://mail.google.com/mail) - I get the following error:
it seems like this is caused by the restrictive Content Security Policy: https://bugs.chromium.org/p/chromium/issues/detail?id=408932
However, looking through the source code, it seems like this code modifies the proper "frame-src" permissions and loads the iframe in the same way specified here:https://stackoverflow.com/questions/24641592/injecting-iframe-into-page-with-restrictive-content-security-policy
any idea why this error is still occurring? it loads perfectly on every other website aside from https://mail.google.com/mail