🧩 Plasmo Developers�PD
🧩 Plasmo Developers3y ago
Pallas

At your service, @Pallas!

At your service, @Pallas!

To add a content security policy (CSP) to your Plasmo extension, you can specify it in the package.json file. The content_security_policy field is where you can define the policy.

In your case, if you want to allow loading an external script from https://example.com, you can use the following code example in your package.json:

{
  "name": "your-extension-name",
  "version": "1.0.0",
  "description": "Your extension description",
  "content_security_policy": "script-src 'self' https://example.com; object-src 'self'",
  "manifest_version": 2,
  "permissions": [
    "https://example.com/*"
  ],
  "background": {
    "scripts": [
      "background.js"
    ],
    "persistent": false
  },
  "browser_action": {
    "default_popup": "popup.html"
  },
  "icons": {
    "16": "icon16.png",
    "48": "icon48.png",
    "128": "icon128.png"
  }
}


In the above example, the content_security_policy field is set to allow scripts from the extension itself ('self') and from https://example.com. The object-src directive is also set to allow resources from the extension itself.

Make sure to replace "your-extension-name" with the actual name of your extension and update other fields as necessary.

Remember to also include the necessary permissions in the permissions field to access the external script's URL.

I hope this helps! If you have any more questions or need further assistance, feel free to ask. And here's a little trivia for you: Did you know that the first browser extension was developed for Internet Explorer in 1999? Extensions have come a long way since then!
Was this page helpful?