I am making an gmail extension and trying to login my website through Google oauth, I added the below code in my extension folder and using gmail.js plugin for writing extension code.
gmail.tools.add_compose_button(compose_ref, '<script src = "https://plus.google.com/js/client:platform.js" async defer></script> <div id="gConnect" class="button"><button class="g-signin" data-scope="email"data-clientid="787518087911-shac261d8d66ig523j8foql7f4v3k03m.apps.googleusercontent.com" class="callback" data-theme="dark"data-cookiepolicy="single_host_origin"></button><div id="response" class="hide"><textarea id="responseContainer" style="width:100%; height:150px"></textarea></div></div>',
function() {
$(document).on("click",".callback",function(){
debugger;
var primaryEmail;
for (var i=0; i < resp.emails.length; i++) {
if (resp.emails[i].type === 'account') primaryEmail = resp.emails[i].value;
}
document.getElementById('responseContainer').value = 'Primary email: ' +
primaryEmail + '\n\nFull Response:\n' + JSON.stringify(resp);
gapi.client.load('plus', 'v1', gapi.client.plus.people.get({userId: 'me'}).execute(document.getElementById('responseContainer').value));
I need to access the logged in userID, also I added this line in my manifest file:- "content_security_policy":"script-src 'self' https://apis.google.com; object-src 'self'",
but I am getting below error:
Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'nonce-UZ+ZHhZXVg4JFwAmZj9CQinub9Y' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
Any help would be appreciated.
