Ah. Since those errors are coming form individual element files, it looks like you haven't vulcanized the app. Unfortunately, right now, running vulcanize is our recommended way to get around CSP issues.
On Wed, Jul 9, 2014 at 12:17 PM, <[email protected]> wrote: > Sure. This is the test code: > > <!DOCTYPE html> > > <html> > <head> > <title>PolymerApp</title> > <!-- 1. Load platform.js for polyfill support. --> > <script src="bower_components/platform/platform.js"></script> > > <!-- 2. Use an HTML Import to bring in the element. --> > <link rel="import" > href="bower_components/paper-button/paper-button.html" /> > <link rel="stylesheet" href="styles.css"> > </head> > > <body> > <h1 id="greeting"></h1> > <paper-button label="flat button"></paper-button> > <paper-button label="raised button" raisedButton></paper-button> > <script src="main.js"></script> > </body> > </html> > > > and here are the errors: > > > 1. Refused to evaluate a string as JavaScript because 'unsafe-eval' is > not an allowed source of script in the following Content Security Policy > directive: "default-src 'self' chrome-extension-resource:". Note that > 'script-src' was not explicitly set, so 'default-src' is used as a > fallback. observe.js:794 > 1. (anonymous function)observe.js:794 > 2. (anonymous function)observe.js:797 > 3. (anonymous function)observe.js:1716 > > Refused to execute inline script because it violates the following Content > Security Policy directive: "default-src 'self' chrome-extension-resource:". > Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce > ('nonce-...') is required to enable inline execution. Note also that > 'script-src' was not explicitly set, so 'default-src' is used as a > fallback. core-meta.html:61 > Refused to execute inline script because it violates the following > Content Security Policy directive: "default-src 'self' > chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash > ('sha256-...'), or a nonce ('nonce-...') is required to enable inline > execution. Note also that 'script-src' was not explicitly set, so > 'default-src' is used as a fallback. core-iconset.html:65 > Refused to execute inline script because it violates the following > Content Security Policy directive: "default-src 'self' > chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash > ('sha256-...'), or a nonce ('nonce-...') is required to enable inline > execution. Note also that 'script-src' was not explicitly set, so > 'default-src' is used as a fallback. core-icon.html:43 > Refused to execute inline script because it violates the following > Content Security Policy directive: "default-src 'self' > chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash > ('sha256-...'), or a nonce ('nonce-...') is required to enable inline > execution. Note also that 'script-src' was not explicitly set, so > 'default-src' is used as a fallback. paper-focusable.html:34 > Refused to execute inline script because it violates the following > Content Security Policy directive: "default-src 'self' > chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash > ('sha256-...'), or a nonce ('nonce-...') is required to enable inline > execution. Note also that 'script-src' was not explicitly set, so > 'default-src' is used as a fallback. paper-ripple.html:88 > Refused to execute inline script because it violates the following > Content Security Policy directive: "default-src 'self' > chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash > ('sha256-...'), or a nonce ('nonce-...') is required to enable inline > execution. Note also that 'script-src' was not explicitly set, so > 'default-src' is used as a fallback. paper-shadow.html:64 > Refused to execute inline script because it violates the following > Content Security Policy directive: "default-src 'self' > chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash > ('sha256-...'), or a nonce ('nonce-...') is required to enable inline > execution. Note also that 'script-src' was not explicitly set, so > 'default-src' is used as a fallback. paper-button.html:84 > > However thanks for the suggestion about the external scripts. It will help > for sure. > > > Il giorno mercoledì 9 luglio 2014 17:22:31 UTC+2, Eric Bidelman ha scritto: >> >> Can you elaborate on the CSP errors? >> >> BTW, if you're worried about a single JS file becoming too big, develop >> your components by referencing an external js file. >> >> <polymer-element name="my-element"> >> ... >> <script src="path/to/my-element.js"></script> >> </polymer-element> >> >> See http://www.polymer-project.org/docs/polymer/polymer.html# >> altregistration. >> >> >> On Wed, Jul 9, 2014 at 10:13 AM, <[email protected]> wrote: >> >>> Hello all. I'm about to decide whether to use Polymer in a Chrome >>> Packaged Application in the near future. Since the project will be quite >>> big (it's a rewriting of a software currently written in Java and NetBeans >>> Platform), I'm quite worried about using Vulcanizer as my main file will >>> grow up a lot. So, I was wondering: is there any plan on bringing Polymer >>> on Chrome Packaged Apps natively? I tried running a test app in Chrome Dev >>> Editor and Chrome 36 Beta, but I still get CSP-related errors, so I guess >>> that HTML imports and Observe-js becoming native are not the only missing >>> pieces...Can someone give me a clue? >>> >>> Follow Polymer on Google+: plus.google.com/107187849809354688692 >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Polymer" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/polymer-dev/2dd04aeb-0d00-404c-af63-e8f38b3d42d8% >>> 40googlegroups.com >>> <https://groups.google.com/d/msgid/polymer-dev/2dd04aeb-0d00-404c-af63-e8f38b3d42d8%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> Follow Polymer on Google+: plus.google.com/107187849809354688692 > --- > You received this message because you are subscribed to the Google Groups > "Polymer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/polymer-dev/1c1f2c64-6263-4544-a552-d60d2b389bb4%40googlegroups.com > <https://groups.google.com/d/msgid/polymer-dev/1c1f2c64-6263-4544-a552-d60d2b389bb4%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > Follow Polymer on Google+: plus.google.com/107187849809354688692 --- You received this message because you are subscribed to the Google Groups "Polymer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/polymer-dev/CACGqRCA1ojE6VXgrQgbAFba53SFm%3DrTPO2RcZ%2B88c2tjyGm%2BMQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
