本文详细介绍了Chrome应用的Content Security Policy (CSP)限制及其遵守方法,包括生命周期工作流程、上传应用至开发者仪表板的具体步骤以及使用Apache Cordova进行开发的注意事项。
1、What is the CSP for Chrome Apps
The content security policy for Chrome Apps restricts you from doing the following:
You can’t use inline scripting in your Chrome App pages. The restriction bans both <script> blocks and event handlers (<button οnclick="...">).
You can’t reference any external resources in any of your app files (except for video and audio resources). You can’t embed external resources in an iframe.
You can’t use string-to-JavaScript methods like
eval()andnew Function().
How to comply with CSP
All JavaScript and all resources should be local (everything gets packaged in your Chrome App).
2、How the lifecycle works
3、Upload your app via the Developer Dashboard
Compress your application's root directory (the folder containing the manifest.json file) into a .zip file.
Go to the Chrome Web Store Developer Dashboard and log in with a developer-verified Google Account. (If you don't have a verified account, you can sign up for a nominal fee.)
Click Add new item.
Accept the terms and services agreement to continue.
Use the choose file dialog box to find the .zip file in your system. Select that file to upload.
4、CCA
To use Apache Cordova with an existing Chrome App, you use the cca (c ordova c hrome a pp) command-line tool.
扫一扫
313
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
