I try to build my first extension and so far it is running pretty well.
I’ve tested it on my local machine by using the Twitch Developer Rig.
Sadly by switching to hosted testing it is not working any more.
Everything works great… I get the numeric user id and everything.
BUT: It seems like my AJAX/JQuery does not fire up at all.
I use a hosted PHP-script to export a JSON formatted stream with live results.
It looks like this:
var data_file = "https://www.website.com/json.php";
var http_request = new XMLHttpRequest();
try{
http_request = new XMLHttpRequest();
}catch (e){
try{
http_request = new ActiveXObject("Msxml2.XMLHTTP");
}catch (e) {
try{
http_request = new ActiveXObject("Microsoft.XMLHTTP");
}catch (e){
console.log("Browser broke!");
return false;
}
}
}
http_request.onreadystatechange = function(){
if (http_request.readyState == 4 ){
var jsonObj = JSON.parse(http_request.responseText);
and so on...
Maybe it’s obvious but since I’m an absolute starter: What could be the issue here?
Thank you guys!
Refused to execute a script because ‘unsafe-eval’ does not appear in the script-src directive of the Content Security Policy. (which points to: mTimer = setTimeout(‘loadJSON();’,500)
You have inline scripts or evals which are not allowed by extension policy. All JavaScript must be loaded from a .js file, loaded relatively to the html
This indicates that your code didn’t run in order to make the request.
The javascripts are loaded on the header of the video_overlay.html
the function loadJSON is in one of those .js-files in the package.
Since I’m new to this: What is the meaning of inline scripts and evals. I don’t get that seeing that pointed line.
Thanks for your help!
EDIT:
Maybe I have made a wrong embed, so my header looks like this:
Argh, just an additional question regarding working around inline javascript:
What would be the correct solution to correct this rejected inline js: <a href=# onclick="dothis(1)"><div id=field style='position: absolute; left: -100%; bottom: 120px; vertical-align: middle; text-align: center; display: inline-block; width: 40%; height: 30px; padding: 5px; background-color: #4ab73c; border-radius: 5px;'>Text</div></a>
Error: [Error] Refused to execute a script for an inline event handler because ‘unsafe-inline’ does not appear in the script-src directive of the Content Security Policy. (video_overlay.html, line 73)
the function dothis() does this:
function dothis(number){
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
}
};
xhttp.open("POST", "https://www.website.com/post.php", true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send("number="+number);
document.getElementById("field").style.backgroundColor = "#000000";
stop_animating();
}