Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’”

Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’”

Im creating a chrome extension for Rss reader in that im getting the above error. please help
“name”: “Tutorialzine Extension”,
“manifest_version”: 2,
“version”: “1.1”,
“description”: “Making your first Google Chrome extension.”,
“icons”: {
“128”: “icon_128.png”
“web_accessible_resources”: [“script.js”, “”],
“browser_action”: {
“default_icon”: “icon.png”,
“default_popup”: “tutorialzine.html”
“permissions”: [“tabs”, “ 1 * 60 * 60) {
$.get(“yahoo.js”, function (msg) {

// msg.query.results.item is an array:
var items = msg.query.results.item;
var htmlString = “”;

for (var i = 0; i < items.length; i++) { var tut = items[i]; // Extracting the post ID from the permalink: var id = tut.guid.content.match(/(\d+)$/)[0]; // Looping and generating the markup of the tutorials: htmlString += '


‘ + tut.title + ‘


‘ + tut.description + ‘

Read more\


// Setting the cache
localStorage.cache = htmlString;
localStorage.time = now;

// Updating the content div:
}, ‘json’);
} else {
// The cache is fresh, use it:

Error in jquery.min.js:
Jquery.min.js contains inline script what to do
parentNode:d.removeChild(d.appendChild(s.createElement(“div”))).parentNode===null,deleteExpando:true,checkClone:false,scriptEval:false,noCloneEvent:true,boxModel:null};b.type=”text/javascript”;try{b.appendChild(s.createTextNode(“window.”+f+”=1;”))}catch(i){}a.insertBefore(b,a.firstChild);if(A[f]){;delete A[f]}try{delete b.test}catch(o){}a.removeChild(b);if(d.attachEvent&&d.fireEvent){d.attachEvent(“onclick”,function k(){


Solution 1:

I also faced such type of problem when working with LinkedIn oAuth API.

I was using linkedIn API with following settings for cordova


 <access origin="*" launch-external="yes"/>
  <allow-navigation href="*" />

Meta Tag was

 <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">


<script type="text/javascript" src=""></script>

When i run the application on emulator its giving

enter image description here

Fixed Problem to add uri into meta tag like

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ">


Related:  font-family is inherit. How to find out the font-family in chrome developer pane?