Indeed, vulcanizing seems to be the only choice for now. So... back to the original question: I'll need to vulcanize even after Chrome 36, won't I?
Il giorno venerdì 11 luglio 2014 00:05:07 UTC+2, Eric Bidelman ha scritto: > > Ah. Since those errors are coming form individual element files, it looks > like you haven't vulcanized the app. Unfortunately, right now, running > vulcanize is our recommended way to get around CSP issues. > > > On Wed, Jul 9, 2014 at 12:17 PM, <[email protected] <javascript:>> > wrote: > >> Sure. This is the test code: >> >> <!DOCTYPE html> >> >> <html> >> <head> >> <title>PolymerApp</title> >> <!-- 1. Load platform.js for polyfill support. --> >> <script src="bower_components/platform/platform.js"></script> >> >> <!-- 2. Use an HTML Import to bring in the element. --> >> <link rel="import" >> href="bower_components/paper-button/paper-button.html" /> >> <link rel="stylesheet" href="styles.css"> >> </head> >> >> <body> >> <h1 id="greeting"></h1> >> <paper-button label="flat button"></paper-button> >> <paper-button label="raised button" raisedButton></paper-button> >> <script src="main.js"></script> >> </body> >> </html> >> >> >> and here are the errors: >> >> >> 1. Refused to evaluate a string as JavaScript because 'unsafe-eval' >> is not an allowed source of script in the following Content Security >> Policy >> directive: "default-src 'self' chrome-extension-resource:". Note that >> 'script-src' was not explicitly set, so 'default-src' is used as a >> fallback. observe.js:794 >> 1. (anonymous function)observe.js:794 >> 2. (anonymous function)observe.js:797 >> 3. (anonymous function)observe.js:1716 >> >> Refused to execute inline script because it violates the following >> Content Security Policy directive: "default-src 'self' >> chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash >> ('sha256-...'), or a nonce ('nonce-...') is required to enable inline >> execution. Note also that 'script-src' was not explicitly set, so >> 'default-src' is used as a fallback. core-meta.html:61 >> Refused to execute inline script because it violates the following >> Content Security Policy directive: "default-src 'self' >> chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash >> ('sha256-...'), or a nonce ('nonce-...') is required to enable inline >> execution. Note also that 'script-src' was not explicitly set, so >> 'default-src' is used as a fallback. core-iconset.html:65 >> Refused to execute inline script because it violates the following >> Content Security Policy directive: "default-src 'self' >> chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash >> ('sha256-...'), or a nonce ('nonce-...') is required to enable inline >> execution. Note also that 'script-src' was not explicitly set, so >> 'default-src' is used as a fallback. core-icon.html:43 >> Refused to execute inline script because it violates the following >> Content Security Policy directive: "default-src 'self' >> chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash >> ('sha256-...'), or a nonce ('nonce-...') is required to enable inline >> execution. Note also that 'script-src' was not explicitly set, so >> 'default-src' is used as a fallback. paper-focusable.html:34 >> Refused to execute inline script because it violates the following >> Content Security Policy directive: "default-src 'self' >> chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash >> ('sha256-...'), or a nonce ('nonce-...') is required to enable inline >> execution. Note also that 'script-src' was not explicitly set, so >> 'default-src' is used as a fallback. paper-ripple.html:88 >> Refused to execute inline script because it violates the following >> Content Security Policy directive: "default-src 'self' >> chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash >> ('sha256-...'), or a nonce ('nonce-...') is required to enable inline >> execution. Note also that 'script-src' was not explicitly set, so >> 'default-src' is used as a fallback. paper-shadow.html:64 >> Refused to execute inline script because it violates the following >> Content Security Policy directive: "default-src 'self' >> chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash >> ('sha256-...'), or a nonce ('nonce-...') is required to enable inline >> execution. Note also that 'script-src' was not explicitly set, so >> 'default-src' is used as a fallback. paper-button.html:84 >> >> However thanks for the suggestion about the external scripts. It will >> help for sure. >> >> >> Il giorno mercoledì 9 luglio 2014 17:22:31 UTC+2, Eric Bidelman ha >> scritto: >>> >>> Can you elaborate on the CSP errors? >>> >>> BTW, if you're worried about a single JS file becoming too big, develop >>> your components by referencing an external js file. >>> >>> <polymer-element name="my-element"> >>> ... >>> <script src="path/to/my-element.js"></script> >>> </polymer-element> >>> >>> See http://www.polymer-project.org/docs/polymer/polymer.html# >>> altregistration. >>> >>> >>> On Wed, Jul 9, 2014 at 10:13 AM, <[email protected]> wrote: >>> >>>> Hello all. I'm about to decide whether to use Polymer in a Chrome >>>> Packaged Application in the near future. Since the project will be quite >>>> big (it's a rewriting of a software currently written in Java and NetBeans >>>> Platform), I'm quite worried about using Vulcanizer as my main file will >>>> grow up a lot. So, I was wondering: is there any plan on bringing Polymer >>>> on Chrome Packaged Apps natively? I tried running a test app in Chrome Dev >>>> Editor and Chrome 36 Beta, but I still get CSP-related errors, so I guess >>>> that HTML imports and Observe-js becoming native are not the only missing >>>> pieces...Can someone give me a clue? >>>> >>>> Follow Polymer on Google+: plus.google.com/107187849809354688692 >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "Polymer" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/polymer-dev/2dd04aeb-0d00-404c-af63-e8f38b3d42d8% >>>> 40googlegroups.com >>>> <https://groups.google.com/d/msgid/polymer-dev/2dd04aeb-0d00-404c-af63-e8f38b3d42d8%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> Follow Polymer on Google+: plus.google.com/107187849809354688692 >> --- >> You received this message because you are subscribed to the Google Groups >> "Polymer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/polymer-dev/1c1f2c64-6263-4544-a552-d60d2b389bb4%40googlegroups.com >> >> <https://groups.google.com/d/msgid/polymer-dev/1c1f2c64-6263-4544-a552-d60d2b389bb4%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > Follow Polymer on Google+: plus.google.com/107187849809354688692 --- You received this message because you are subscribed to the Google Groups "Polymer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/polymer-dev/35910d74-120c-4bd5-8036-c7b268d4af47%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
